Cyber Keyhole

A decryptor for the Hacked Ransomware was released today by Emsisoft that allows victims to recover their files for free. This ransomware was active in 2017 and targeted English, Turkish, Spanish, and Italian users.

I discovered the Hacked Ransomware in 2017 and while it was not heavily distributed, it did infect numerous victims. When installed, it would display a fake Windows Update screen, while encrypting a victim's files and appending the .hacked extension to file names.

Hacked Ransomware
Hacked Ransomware

At the time it was discovered, though, a weakness could not be discovered in the ransomware's encryption scheme and users had to pay for decryption, recover from backups, or simply live without their files. Fast forward a year and half later and Michael Gillespie has discovered a weakness that allowed him to create a decryptor so that victims can recover their files for free.

This is also a perfect example of why all victims who do not have a working backup and decide not to pay a ransom should always save their encrypted files and ransom notes. This way if a decryptor is created in the future, like in this instance, you can recover your files for free.

Decrypting the Hacked Ransomware

If you were infected with the Hacked Ransomware and still have the encrypted files, simply download the decrypt_HKCrypt.exe program from the following link and save it on your desktop:

HKCrypt Decryptor

You should then run the program with administrative privileges in order to decrypt all the files that were targeted by the ransomware. Once started, the decryptor will search the computer for encrypted files that end with the .hacked extension and automatically decrypt them.

Hacked Ransomware Decryptor
Hacked Ransomware Decryptor

When it has finished, the Results tab will state Finished and all of your files should now be decrypted. If you need help getting this decrypter to work, feel free to ask in the comments.

Related Articles:

REvil ransomware member extradited to U.S. to stand trial for Kaseya attack

Free decryptor released for HermeticRansom victims in Ukraine

The Week in Ransomware - February 11th 2022 - Maze, Egregor decryptors

Free decryptor released for TargetCompany ransomware victims

Automotive giant DENSO hit by new Pandora ransomware gang