A decryptor for the Hacked Ransomware was released today by Emsisoft that allows victims to recover their files for free. This ransomware was active in 2017 and targeted English, Turkish, Spanish, and Italian users.
I discovered the Hacked Ransomware in 2017 and while it was not heavily distributed, it did infect numerous victims. When installed, it would display a fake Windows Update screen, while encrypting a victim's files and appending the .hacked extension to file names.
At the time it was discovered, though, a weakness could not be discovered in the ransomware's encryption scheme and users had to pay for decryption, recover from backups, or simply live without their files. Fast forward a year and half later and Michael Gillespie has discovered a weakness that allowed him to create a decryptor so that victims can recover their files for free.
This is also a perfect example of why all victims who do not have a working backup and decide not to pay a ransom should always save their encrypted files and ransom notes. This way if a decryptor is created in the future, like in this instance, you can recover your files for free.
If you were infected with the Hacked Ransomware and still have the encrypted files, simply download the decrypt_HKCrypt.exe program from the following link and save it on your desktop:
You should then run the program with administrative privileges in order to decrypt all the files that were targeted by the ransomware. Once started, the decryptor will search the computer for encrypted files that end with the .hacked extension and automatically decrypt them.
When it has finished, the Results tab will state Finished and all of your files should now be decrypted. If you need help getting this decrypter to work, feel free to ask in the comments.