What is Hidden Ransomware
Hidden Ransomware, a variant of the Voidcrypt ransomware family, is a malicious program that carries out its nefarious activities by encrypting data and then demanding ransoms in exchange for decryption tools. As part of the encryption process, all the affected files undergo a renaming process, adopting a specific pattern. The new filenames include the original file name, the email address of the cyber criminals, a unique ID assigned to the victims, and the .hidden extension. For example, a file named 1.pdf
would be transformed into something like 1.pdf.[Wannadecryption@gmail.com][random-sequence].Hidden
after encryption. In addition to the file renaming, the ransomware drops ransom messages in !INFO.HTA files within compromised folders.
!!! Your Files Has Been Encrypted !!!
♦ your files has been locked with highest secure cryptography algorithm ♦
♦ there is no way to decrypt your files without paying and buying Decryption tool♦
♦ but after 48 hour decryption price will be double♦
♦ you can send some little files for decryption test♦
♦ test file should not contain valuable data♦
♦ after payment you will get decryption tool ( payment Should be with Bitcoin)♦
♦ so if you want your files dont be shy feel free to contact us and do an agreement on price♦
♦ !!! or Delete you files if you dont need them !!!
♦Your ID :-
our Email :Wannadecryption@gmail.com
In Case Of No Answer :Wannadecryption@gmail.com
The ransom message contained in the “!INFO.HTA” file notifies the victims that their data has been encrypted using a strong cryptographic algorithm. According to the message, the only way to regain access to the files is by purchasing decryption tools from the cyber criminals responsible for the infection. Although the size of the demanded ransom is not specified in the message, it is mentioned that the amount will double if not paid within 48 hours. The ransom must be paid in Bitcoin, and victims are instructed to contact the criminals via email to obtain further information, such as the exact ransom amount and payment instructions.
To convince victims that recovery is possible, the cyber criminals may attach a number of small encrypted files with no valuable information to their emails. These files are decrypted and returned to the victims as a form of “proof” that the decryption process is feasible. However, in most cases of ransomware attacks, decryption without the involvement of the perpetrators is nearly impossible, except in rare cases where the malware is still in development or has significant flaws. Regardless, it is strongly advised against meeting the ransom demands.
Unfortunately, even if the ransom is paid, victims often do not receive the promised decryption tools or software. As a result, they not only suffer financial losses but also remain unable to access their encrypted data, rendering it essentially useless. To prevent further encryption by Hidden ransomware, it is crucial to remove the malware from the operating system. However, removing the ransomware will not restore the files that have already been affected. The only viable solution is to recover the data from a previously created backup that was stored in a separate location.
How Hidden Ransomware infected your computer
The infection of a computer by ransomware typically occurs through various methods, including spam campaigns, unofficial software activation tools (commonly known as “cracking”), Trojans, untrustworthy file and software download sources, and fake software updating tools. In spam campaigns, cyber criminals send emails disguised as official and important messages, often containing malicious attachments or download links for harmful files. Opening such attachments or downloading files via these links leads to the installation of malicious software. The malicious files attached to these emails can take the form of executable files (.exe), archive files like RAR and ZIP, PDF documents, JavaScript files, or Microsoft Office documents. Software “cracking” tools are presented as a means to illegally activate licensed software, but instead, they typically install malicious programs and fail to activate any legitimate software. Trojans are another type of rogue program that can initiate chain infections, allowing for the installation of additional malware.
- Download Hidden Ransomware Removal Tool
- Get decryption tool for .hidden files
- Recover encrypted files with Stellar Data Recovery Professional
- Restore encrypted files with Windows Previous Versions
- Restore files with Shadow Explorer
- How to protect from threats like Hidden Ransomware
Download Removal Tool
To remove Hidden Ransomware completely, we recommend you to use SpyHunter 5 from EnigmaSoft Limited. It detects and removes all files, folders, and registry keys of Hidden Ransomware. The trial version of SpyHunter 5 offers virus scan and 1-time removal for FREE.
Alternative Removal Tool
To remove Hidden Ransomware completely, we recommend you to use Norton Antivirus from Symantec. It detects and removes all files, folders, and registry keys of Hidden Ransomware and prevents future infections by similar viruses.
Hidden Ransomware files:
!INFO.HTA
{randomname}.exe
Hidden Ransomware registry keys:
no information
How to decrypt and restore .hidden files
Use automated decryptors
Download Kaspersky RakhniDecryptor
Use following tool from Kaspersky called Rakhni Decryptor, that can decrypt .hidden files. Download it here:
There is no purpose to pay the ransom because there is no guarantee you will receive the key, but you will put your bank credentials at risk.
Dr.Web Rescue Pack
Famous antivirus vendor Dr. Web provides free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in the decryption of .hidden files by uploading samples to Dr. Web Ransomware Decryption Service. Analyzing files will be performed free of charge and if files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.
If you are infected with Hidden Ransomware and removed from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:
Use Stellar Data Recovery Professional to restore .hidden files
- Download Stellar Data Recovery Professional.
- Click Recover Data button.
- Select type of files you want to restore and click Next button.
- Choose location where you would like to restore files from and click Scan button.
- Preview found files, choose ones you will restore and click Recover.
Using Windows Previous Versions option:
- Right-click on infected file and choose Properties.
- Select Previous Versions tab.
- Choose particular version of the file and click Copy.
- To restore the selected file and replace the existing one, click on the Restore button.
- In case there is no items in the list choose alternative method.
Using Shadow Explorer:
- Download Shadow Explorer program.
- Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
- Select the drive and date that you want to restore from.
- Right-click on a folder name and select Export.
- In case there are no other dates in the list, choose alternative method.
If you are using Dropbox:
- Login to the DropBox website and go to the folder that contains encrypted files.
- Right-click on the encrypted file and select Previous Versions.
- Select the version of the file you wish to restore and click on the Restore button.
How to protect computer from viruses, like Hidden Ransomware , in future
1. Get special anti-ransomware software
Use ZoneAlarm Anti-Ransomware
Famous antivirus brand ZoneAlarm by Check Point released a comprehensive tool, that will help you with active anti-ransomware protection, as an additional shield to your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, file protection that detects and blocks even unknown encryptors.
2. Back up your files
As an additional way to save your files, we recommend online backup. Local storage, such as hard drives, SSDs, flash drives, or remote network storage can be instantly infected by the virus once plugged in or connected to. Hidden Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most profitable terms and a simple interface. You can read more about iDrive cloud backup and storage here.
3. Do not open spam e-mails and protect your mailbox
Malicious attachments to spam or phishing e-mails are the most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications and provides a very high level of anti-spam protection.