
HiddenBeer Ransomware

Posted: October 25, 2018

The HiddenBeer Ransomware is a file-locking Trojan that uses the base of Hidden Tear for enabling encryption-based data attacks. While there are free decryptors for Hidden Tear that may unlock your files, you should protect any valuable work on your hard drive by backing it up to another device for a more reliable recovery option. Because of its unauthorized Registry changes and possible C&C communications that could cause other issues during its uninstallation, users should leave removing the HiddenBeer Ransomware to their dedicated anti-malware programs.

Hidden Tear Falls Off the Pun Wagon

Threat actors are just testing out another version of Hidden Tear, Utku Sen's 'educational' resource that shows how criminals can encrypt files and deliver ransom notes to their owners. The HiddenBeer Ransomware has a slightly more dynamic ransom note than most file-locker Trojans from this family, although it does bear a resemblance to the RansomMine Ransomware, the Scrabber Ransomware, the Shrug2 Ransomware or last year's Rastakhiz Ransomware. Although it has some changes to its appearance, the HiddenBeer Ransomware's principal issue is its capability for blocking your digital media.

Initial attacks by the HiddenBeer Ransomware run an AES encryption sequence on any media it finds on the user's available drives, such as spreadsheets, pictures, documents, movies or audio. While it's not a standard among most versions of Hidden Tear, which don't require network connectivity, some sources are reporting that the HiddenBeer Ransomware also includes C&C file-downloading features for dropping and running additional components, which malware experts can't yet confirm. On the other hand, all versions of the HiddenBeer Ransomware do have advanced pop-up generating capabilities, which it pairs with the decryption executable.

The HiddenBeer Ransomware's decryptor, or file-unlocking program, loads the decryption sequence for recovering your files after the appropriate key is input. The same window also includes a warning message and a request for Bitcoins to be sent to a predetermined wallet address, which purchases the criminal's key. The use of Bitcoin as a favorable ransom currency is typical of most file-locker Trojans' campaigns; it both provides some degree of anonymity to the threat actors and protects them from any refund attempts – even if they don't give you the code.

Going Teetotaler on the HiddenBeer Ransomware

The HiddenBeer Ransomware's name may be an attempt at 'cashing in' on the news industry's coverage of alcohol-related scandals surrounding the latest US Supreme Court nominee, or a complete coincidence of timing. Its only other symptom that carries this theme is the extension that it tags any blocked or encrypted content with ('.beer'), which can help users with sorting the affected files from unencrypted ones. As usual, malware experts don't classify the HiddenBeer Ransomware as being threatening to the underlying operating system, but only to work and recreational data, such as text files and other media.
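As an added triage example (not code from the original post, and not the Trojan's own code), the Python script below uses the '.beer' marker described above to inventory locked files on a drive and check which of them have a clean copy in a backup tree, so a recovery effort can see at a glance what is covered by backups. The directory layout, file names and backup path are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Extension the page reports HiddenBeer appends to files it encrypts.
LOCKED_EXT = ".beer"

def inventory_locked_files(root):
    """Return a sorted list of files under root that carry the '.beer' marker."""
    root = Path(root)
    return sorted(p for p in root.rglob("*") if p.is_file() and p.suffix == LOCKED_EXT)

def original_name(locked_path):
    """Strip the appended marker to recover the pre-encryption file name."""
    return Path(str(locked_path)[: -len(LOCKED_EXT)])

def restore_plan(root, backup_root):
    """Map each locked file to its backup copy; report which have none."""
    root, backup_root = Path(root), Path(backup_root)
    recoverable, missing = [], []
    for locked in inventory_locked_files(root):
        rel = original_name(locked).relative_to(root)
        candidate = backup_root / rel
        (recoverable if candidate.is_file() else missing).append(rel.as_posix())
    return {"recoverable": recoverable, "missing": missing}

def build_constructed_sample():
    """Constructed sample tree (not real victim data): two locked files, one backed up."""
    base = Path(tempfile.mkdtemp(prefix="hiddenbeer_triage_"))
    victim, backup = base / "victim", base / "backup"
    for rel in ("docs/report.xlsx.beer", "photos/trip.jpg.beer", "docs/notes.txt"):
        path = victim / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"placeholder")
    (backup / "docs").mkdir(parents=True)
    (backup / "docs" / "report.xlsx").write_bytes(b"original copy")
    return victim, backup

if __name__ == "__main__":
    victim_dir, backup_dir = build_constructed_sample()
    print(restore_plan(victim_dir, backup_dir))
```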

Business employees and server administrators may compromise their networks by opening unsafe e-mail attachments, such as fake receipts. Brute-force attacks are also commonplace among threat actors trying to hold hostage the files of servers with vulnerable login credentials, such as an easily-guessed password. Anti-malware products have few issues with removing the HiddenBeer Ransomware, or other versions of the Hidden Tear family, on sight, but can't unlock or decrypt your files.

With a hundred dollar ransom, the HiddenBeer Ransomware is substantially more costly than either a beer or a good backup strategy. Users not wanting to pay for a criminal's drinks should keep their files, or, at least, spare copies of them, under lock and key.
