
HAT Ransomware

Posted: July 20, 2020

The HAT Ransomware is a file-locking Trojan from the Dharma Ransomware family, a Ransomware-as-a-Service or RaaS. Threat actors distribute it to block the victim's files and collect ransoms for the unlocking service. Users should protect any precious media through secure backups and leverage robust anti-malware solutions for removing the HAT Ransomware.

Some New Summer Fashion for Media Files

Since the 2016 debut of the Dharma Ransomware and follow-on campaigns like the Bmtf Ransomware, the GNS Ransomware, the HCK Ransomware, and the Rxx Ransomware, the family has been a mainstay example of file-locker Trojans and their operational norms. Another sprouting member of that tree, the HAT Ransomware, has been making headway into vulnerable Windows environments as of July. Fittingly for the season, the Trojan amounts to little more than a change of clothes: its payload is near-identical to those of its ancestors.

With a late-July entry into the threat landscape, the HAT Ransomware shares many attributes with older members of its Ransomware-as-a-Service. It favors Windows environments, has an extremely small executable, and uses Registry entries and a Mutex for installation persistence. More significant features of its payload include:

  • The HAT Ransomware encrypts files (ranging from media like DOCs and JPGs to software components like DLLs) with a secure AES and RSA encryption method. After blocking the data from opening, it renames each file with new identifiers: a victim ID, a bracketed e-mail address and an extension.
  • The HAT Ransomware also wipes the user's Shadow Volume Copies using the built-in CMD utility, which stops them from recovering through a Restore Point.
  • This Trojan uses both text (Notepad) and pop-up (HTA) ransom notes. Although the HAT Ransomware conforms to a standardized template here, it's of note that the threat actor sets a very short deadline to encourage payment without giving the victim much time to consider the decision.
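Two of the behaviours above leave traces a defender can look for: the rename convention on encrypted files, and the command used to wipe Shadow Volume Copies. The following script is an added example (not code from the original write-up or from any vendor) that scans constructed sample data for both. It assumes the Dharma-style rename format `<name>.<ext>.id-<8 hex chars>.[<e-mail>].<ext>` and assumes the "built-in CMD utility" is one of vssadmin, wmic or wbadmin; the page states neither detail, and the `.hat` extension, victim ID and e-mail in the samples are constructed.

```python
"""Defender-side scan for HAT/Dharma-style traces (added example).

Assumptions not stated on the page:
  * rename format: <name>.<ext>.id-<8 hex>.[<e-mail>].<new ext>
  * shadow copies are wiped with vssadmin / wmic / wbadmin commands
"""
import re
from pathlib import PureWindowsPath

# Victim ID, bracketed e-mail, then the appended extension (assumed format).
RENAME_PATTERN = re.compile(
    r"^(?P<original>.+?)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.(?P<ext>[A-Za-z0-9]+)$"
)

# Command lines used to destroy Volume Shadow Copies (assumed list).
SHADOW_WIPE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
]

# Constructed sample file names; the ID, e-mail and .hat extension are made up.
SAMPLE_FILES = [
    r"C:\Users\alice\Documents\budget.xlsx",
    r"C:\Users\alice\Documents\budget.xlsx.id-1A2B3C4D.[decrypt@example.invalid].hat",
    r"C:\Users\alice\Pictures\holiday.jpg.id-1A2B3C4D.[decrypt@example.invalid].hat",
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Users\alice\notes.id-123.[nobody].txt",  # ID too short: not a match
]

# Constructed process-creation log: "<timestamp> <host> <user> <command line>".
SAMPLE_PROCESS_LOG = [
    "2020-07-20T09:14:02Z WS01 alice C:\\Windows\\System32\\notepad.exe readme.txt",
    "2020-07-20T09:14:05Z WS01 alice cmd.exe /c vssadmin delete shadows /all /quiet",
    "2020-07-20T09:14:06Z WS01 alice cmd.exe /c wmic shadowcopy delete",
    "2020-07-20T09:15:00Z WS01 alice vssadmin list shadows",  # read-only: benign
]


def parse_renamed_file(name: str):
    """Return original name, victim ID, e-mail and extension for a file that
    follows the rename convention, or None otherwise."""
    m = RENAME_PATTERN.match(PureWindowsPath(name).name)
    return m.groupdict() if m else None


def find_encrypted_files(names):
    """Filter a list of paths down to those renamed in the Dharma style."""
    return [n for n in names if parse_renamed_file(n)]


def is_shadow_wipe(cmdline: str) -> bool:
    """True if the command line destroys shadow copies or the backup catalog."""
    return any(p.search(cmdline) for p in SHADOW_WIPE_PATTERNS)


def scan_process_log(lines):
    """Return one record per log line whose command line wipes shadow copies."""
    hits = []
    for line in lines:
        parts = line.split(maxsplit=3)
        if len(parts) < 4:
            continue  # malformed line: skip rather than crash the scan
        ts, host, user, cmd = parts
        if is_shadow_wipe(cmd):
            hits.append({"time": ts, "host": host, "user": user, "cmd": cmd})
    return hits


if __name__ == "__main__":
    for path in find_encrypted_files(SAMPLE_FILES):
        info = parse_renamed_file(path)
        print(f"encrypted: {info['original']} (victim {info['victim_id']}, "
              f"contact {info['email']}, ext .{info['ext']})")
    for hit in scan_process_log(SAMPLE_PROCESS_LOG):
        print(f"shadow-copy wipe at {hit['time']} on {hit['host']} "
              f"by {hit['user']}: {hit['cmd']}")
```

The file-name check is useful after the fact, for scoping which shares were touched and which victim ID and contact address to search for across the estate; the process-log check is the earlier signal, since the shadow-copy wipe happens before or alongside encryption and a read-only `vssadmin list shadows` is deliberately not flagged.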

Throwing Your HAT Ransomware in the Air

Nearly any Windows system with adequate anti-malware protection should block the HAT Ransomware on sight. However, users also should avoid possible exposure to this threat, and other versions of the Dharma Ransomware, when practical. For home users, malware researchers recommend rejecting illicit download-related content, such as cracks or cheats for games, enabling visible file extensions, and turning off particularly exploitable features like Flash and JavaScript.

In enterprise or work environments, other security protocols also are useful. Secure passwords will remove a system from the pool of targets vulnerable to brute-forcing, whether randomly selected or targeted. Workers also should be on guard for a variety of e-mail tactics and attacks, most of which use obfuscated links or file attachments with unsafe content like macros.

Anti-malware programs will have no problems deleting the HAT Ransomware in ordinary cases, but in most situations data recovery is only possible with appropriate backups.

The HAT Ransomware isn't very innovative for a 'new fashion' in Trojan attacks. Like swapping out one shirt for another, it might be a superficial choice, but when one's clothing options are all poisonous to the touch, it bears remembering that there's no such thing as being too careful.
