Haxerboi – another ransomware imitating the infamous WannaCry

Haxerboi is a crypto-virus also known as ransomware.[1] Its payload is being executed via hackerboi.exe file, which is currently spread as a part of HaxerBoi malware builder V 0.1. Once downloaded, the ransomware encrypts files using an AES cipher and appends a .haxerboi file extension to the most of the files.
| Name | Haxerboi |
|---|---|
| Type | Ransomware |
| Danger level | High. Runs multiple scripts and renders personal files inaccessible |
| Distribution | HaxerBoi malware builder V 0.1. Can also be spread via malspam, exploit kits or rogue software updates |
| File extension | .haxerboi |
| Detection | AV engines recognize it as HiddenTear or HiddenTears version 1 |
| Download FortectIntego and run a scan with it to eliminate Haxerboi ransomware | |
The ransomware is spread via malware builder application, so most of the wanna-be hackers are not expecting to get into the trap of hackers by themselves. Luckily, Haxerboi ransomware seems to be a test version and is currently under investigation whether it can bring about success.
Once the potential victim downloads the HaxerBoi V 0.1 and runs the executable file, he or she is presented with a ransom note. Although the developers are trying to imitate the infamous WannaCry ransom note, they can hardly be confused. A pop-up window with a text in a red background saying “Oops your files have been encrypted” lacks a countdown clock on the left side. Nevertheless, the body texts are identical:
What happened to my computer?
Your important files are encrypted.
Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.
The Haxerboi ransomware does not provide a unique identification number, which is an immediate warning that the ransomware is destructive rather than constructive. It's not very likely that the developer will know which PC has to be maintained even the victim transfers the payment.
The Haxerboi virus demands only $10 ransom that has to be transmitted in Bitcoins within 6 hours. After that, the price should double, while the absolute deadline is 12 hours. At this point, hackers are supposed to delete the personal Haxerboi decryption key, thus making the locked files inaccessible forever.
It's not yet clear whether the ransomware fulfills its tasks. Nonetheless, dieviren.de[2] experts and other security vendors highly recommend people not to pay the ransom even if it's only $10 worth. Instead of that, you should initiate a full Haxerboi removal.
As we have already mentioned, it does not seem that the ransomware developers would have a Haxerboi ransomware decryptor themselves. Even if they do, by paying it you risk downloading another malware, such as rootkit, spyware or warm to your PC.
The only way to remove Haxerboi ransomware is to download a reputable anti-virus, say FortectIntego, SpyHunterCombo Cleaner, MalwarebytesMalwarebytes and run a full system scan.

VirusTotal[3] analysis indicates the fact that the Haxerboi virus might have been built on the platform of open-source ransomware dubbed as HiddenTear. BitDefender, Emsisoft, F-Secure, GData, Ikarus, and other influential AV engines recognized the ransomware as Gen:Heur.Ransom.HiddenTears.1, Trojan.Ransom.HiddenTear, Gen:Heur.Ransom.HiddenTears.1 (B), Trojan-Ransom.HiddenTear, and similar. Nevertheless, experts haven't yet approved that the Haxerboi ransomware emergence has been crafted using the Hidden Tear source code.
Anyway, Haxerboi removal is a must to keep using the PC regularly. Launch antivirus scanner and run a full system scan with it. After that, you should try to retrieve files locked by this cyber menace with the help of third-party tools.
Ransomware distribution method
At the moment, this ransomware virus is being disseminated via HaxerBoi malware builder V 0.1. This tool does not fall for the list of favorite freeware, so its prevalence is not expected to go wild.
Nevertheless, the distribution of Crypto-viruses is seldom confined to one strategy. It's essential to monitor email messages and avoid opening attachments of emails named as “urgent,” priority,” “highly important” or similar.
In addition to malspam, people can get infected with ransomware after clicking on fake software updates or accessing illegal websites infected with JavaScript. Thus, it's important to think twice before clicking on suspicious looking ads, links, and other content when browsing the web.
Steps to get rid of Haxerboi ransomware virus
The Haxerboi virus hasn't yet been thoroughly evaluated. Nevertheless, it's clear that it locks files and can render them hostage permanently.
To prevent this from happening, remove Haxerboi asap. You won't be able to do that manually, so make sure to install or update a reliable security tool and run a full system scan with it. Once you're done with the Haxerboi removal, try data decryption methods listed down below.
Was this guide helpful?
Be the first to comment