
Hbdalna Ransomware

Posted: September 15, 2020

The Hbdalna Ransomware is a file-locker Trojan from the family of the Snatch Ransomware. The Hbdalna Ransomware may reboot the computer into Safe Mode before blocking media files with secure encryption and holding them for ransom. Users should protect themselves with both backups and anti-malware utilities for enabling the prompt removal of the Hbdalna Ransomware.

A Snatcher Sticks Around for More Money

The Snatch Ransomware's file-locking Trojan family intends to leave an impression in 2020, with new variants and campaigns appearing regularly. Although most of these new versions have yet-to-be-examined infection methodology, their payloads are well-understood and have few changes from one another. The Hbdalna Ransomware is a very recent case in this chain of barely-updated clones, using the blunt tool of encryption for turning others' files into money.

The Hbdalna Ransomware and other versions of its family target most versions of the Windows operating system. The secure encryption feature that blocks media files is common to most file-locker Trojan families and will stop documents and similar content from opening unless the user converts them back with a custom decryption routine. The Hbdalna Ransomware's threat actor holds this decryption process under ransom with a text message to the victim – a somewhat simplified version of the Snatch Ransomware family's standard instructions.

Although malware experts see relatively few symptoms during this encryption routine, the Hbdalna Ransomware may reboot the computer and use Safe Mode features for terminating 'unwanted' security programs and features. Most of the other symptoms are post-encryption and, therefore, appear only after the data loss occurs, such as the 'hbdalna' extensions that the Trojan appends onto files' names. Like most versions of its family, such as the Mcauwpjib Ransomware, the Hceem Ransomware, the Vfcfocxp Ransomware, and the A3C9N Ransomware, the Hbdalna Ransomware uses a randomly-picked name.

A Snatching Worth Swatting Away from Company Servers

Data points regarding old attacks from the Snatch Ransomware family show that most campaigns, if not all, target businesses with poor security for their servers. This strategy also shows some synergy with threat actors' trend of using the Hbdalna Ransomware family to leak information to publicly-viewable websites. Although the last known site for Snatch Ransomware leaks is down, there's little stopping attackers from re-creating the effect with a different domain.

Malware researchers recommend monitoring server software versions for possible vulnerabilities worth patching by installing updates. Passwords should also be durable enough to resist brute-force or dictionary attacks that 'guess' weak credentials. All users should also prepare themselves for possible attacks during contact with illicit downloads or e-mail attachments, which tend to drop threats like the Hbdalna Ransomware.

Recovery of any data that this Trojan encrypts all but requires a backup on another device. Otherwise, proven anti-malware products will serve most Windows users well by blocking most drive-by-downloads and removing the Hbdalna Ransomware as they detect it.

File-locker Trojan families find fertile ground this year, and businesses that take their data safety too lightly will find out why. A Trojan like the Hbdalna Ransomware is easily programmable and configurable but can reap outsized results when it comes to ransoms.
