
Happydayz@india.com Ransomware

Posted: February 19, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 28
First Seen: February 19, 2017
Last Seen: September 16, 2020
OS(es) Affected: Windows


The 'Happydayz@india.com' Ransomware is a Trojan built from the third major version of the Globe Ransomware (Globe3 Ransomware). It encrypts your files with an AES cipher to lock them and shows the victim ransom messages that sell its decryption service. Since free decryption solutions are available but limited in implementation, malware researchers advise backing up your files to keep this threat from causing any irrecoverable loss of files. Various anti-malware products can also delete the 'Happydayz@india.com' Ransomware before it installs itself and carries out its ransom attempt.

Sad Days Ahead with Greetings from the Globe Ransomware

The 'Happydayz@india.com' Ransomware is one of the newer Trojans to appear as a direct descendant of the Globe Ransomware family, which has gone through multiple iterations before arriving at its latest build. The 'Happydayz@india.com' Ransomware is a spinoff of the most recent update to the platform; as a result, it uses an enciphering routine that is relatively difficult to break to keep any victims from opening their files. As explained in the messages it places on the victim's drive, the 'Happydayz@india.com' Ransomware makes its attacks with the motivation of selling the decryptor.

The 'Happydayz@india.com' Ransomware operates by enumerating the infected PC's drives, potentially including any network shares, for files of formats such as DOC, JPG or PDF. It locks these files with an AES-based encryption technique and appends a '.happydayzz' extension after the default extension of each one. After having locked your files, the 'Happydayz@india.com' Ransomware creates an HTA ransom message that tries to sell the victim a file-decoding service.

Victims should be aware that malware experts often see this same message recycled in other Trojan campaigns that aren't from the Globe Ransomware family. When examined separately from any other symptoms, this pop-up is an unreliable means of identifying a 'Happydayz@india.com' Ransomware infection.

Keeping the Days Spent on Your PC as Inexpensive as Possible

While malware researchers have yet to confirm the ransom amounts the 'Happydayz@india.com' Ransomware's authors require, paying such a fee comes with a variety of disadvantages that bring the value of the transaction into question. Previous iterations of the Globe Ransomware, including threats based on the third version, are sometimes decryptable with freeware solutions that improve the odds of a full recovery. However, such solutions can require a non-encrypted copy of an encrypted file and aren't always perfect. Remote backups persist as the catch-all data recovery choice for threats of this type.

Because the 'Happydayz@india.com' Ransomware's campaign is new, analysis of its distribution methodology is incomplete. Con artists sometimes opt for installing file-encryptor Trojans manually after compromising a high-value entity but may also use e-mail-based circulation. Standard anti-malware protection should suffice for blocking this and other installation exploits by deleting the 'Happydayz@india.com' Ransomware as soon as your software detects it.

Besides its somewhat ironic name, the 'Happydayz@india.com' Ransomware is, first and foremost, more evidence of the willingness of threat authors to rapidly create new threats out of old ones. If your files are worth more than your money, then you should use appropriate backup strategies to guarantee that the issue will never be put to the test.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%SystemDrive%\AntiUsbWorm\mtvjvcxmfy.exe
File name: mtvjvcxmfy.exe
Size: 886.78 KB (886784 bytes)
MD5: 4071a0e28a5f23406e00c8f7e93caea9
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\AntiUsbWorm
Group: Malware file
Last Updated: September 16, 2020
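
The indicators on this page (the '.happydayzz' suffix, the listed MD5 and the HTA note) can be combined into one triage sweep that grades the HTA note alone as inconclusive, as the article advises. The following Python is an added example, not code from the original page or from any vendor tool; the function names, verdict labels and the `known_md5` parameter are hypothetical, and treating any `.hta` file as a candidate note is an assumption because the page does not give the note's file name.

```python
import hashlib
import os
import sys

# Indicators quoted from this page.
LOCKED_SUFFIX = ".happydayzz"
DROPPER_MD5 = "4071a0e28a5f23406e00c8f7e93caea9"


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large executables are not read into memory whole."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, known_md5=DROPPER_MD5):
    """Walk root, collect the page's indicators, and grade the evidence."""
    found = {"locked": [], "hash_match": [], "hta": []}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            lower = name.lower()
            if lower.endswith(LOCKED_SUFFIX) and len(lower) > len(LOCKED_SUFFIX):
                found["locked"].append(path)  # e.g. report.doc.happydayzz
            elif lower.endswith(".hta"):
                found["hta"].append(path)  # assumption: any HTA is a candidate note
            elif lower.endswith(".exe"):
                try:
                    if md5_of(path) == known_md5.lower():
                        found["hash_match"].append(path)
                except OSError:
                    continue  # unreadable file: skip it, keep sweeping
    if found["locked"] or found["hash_match"]:
        verdict = "likely"
    elif found["hta"]:
        verdict = "inconclusive"  # the note alone is reused by other families
    else:
        verdict = "no_indicators"
    return verdict, found


if __name__ == "__main__":
    verdict, found = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(verdict, {kind: len(paths) for kind, paths in found.items()})
```

A hash match covers only the single sample listed above, so the appended extension is the broader of the two strong indicators.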