FANDOM



HakunaMatata

HakunaMatata Ransom Note

HakunaMatata is a ransomware spreading via email spam. It starts encrypting user files as soon as it is launched on the computer. It comes from the Nmoreia ransomware and can be called Nmoreira 2.0.

Once the files are encrypted using AES-256 and RSA-2048 algorithms the original files are deleted while the encrypted ones start bearing a ".HakunaMatata" extension (hence the name).

It is known to delete the shadow copies in order to make file recovery harder. It uses the following commands upon launch:

cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet vssadmin.exe 

Delete Shadows /All /Quiet

HakunaMatata does not ask for a specific amount of money. Instead, it provides a BitMessage link which is used to contact the malware creators.

Files associated with this ransomware:

  • Recovers files yako.html
  • <random>.exe
  • <random>.tmp
  • crypter_191_.exe
  • net1.exe
  • wevtutil.exe

SourcesEdit

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.