The HiddenTears ransomware has been seen in several variants, and the latest version to be spotted uses the .8lock8 extension for the files it locks.
The HiddenTears ransomware is a nasty program that tries to lock the files on your computer; once it has locked them, it tries to force you to pay a specific amount of money to regain access to your files.
The HiddenTears ransomware targets the following file types on the computer:
- .asp
- .aspx
- .avi
- .bmp
- .csv
- .doc
- .docx
- .htm
- .html
- .jpg
- .mdb
- .odt
- .php
- .png
- .ppt
- .pptx
- .rar
- .sln
- .sql
- .txt
- .wav
- .xls
- .xlsx
- .xml
- .zip
How to unlock .8lock8 ransomware encrypted files
The guys from BleepingComputer have published a decryption tool for the .8lock8 ransomware. You can download the .8lock8 ransomware decryption tool directly from their website, or you can use the Cyberwarzone mirror.
BLEEPINGCOMPUTERS
- https://download.bleepingcomputer.com/demonslay335/hidden-tear-bruteforcer.zip
CYBERWARZONE
Once you have downloaded and installed the application, follow these steps:
- Once a key is found, click on the “Click here to check file for success” message to preview the decrypted file. If the file looks OK, then you have the correct key!
- Once you have the key, copy the key and paste it into my HiddenTear Decrypter, and type the extension of the files (“.8lock8”). Select a folder to decrypt, and click “Decrypt My Files”.
- Also as a note, if the hash (last line of random letters) in your ransom note ends with “AH33”, you can actually skip the use of the bruteforcer and use the password “Whendiplomacyends,Warbegins.1933”. This happens if the malware failed to reach the CC server.
Thanks to Demonslay335 from BleepingComputer for providing this detailed information.
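A triage helper for the steps above, added here as an example and not part of the BleepingComputer tools: it counts the locked files in a folder by original type and checks whether the last line of the ransom note ends with "AH33". It assumes a locked file keeps its original name with .8lock8 appended, and it takes the note as text because the page does not name the note file; the function names are hypothetical.

```python
import os
import tempfile
from collections import Counter

LOCKED_EXT = ".8lock8"    # extension named on the page
OFFLINE_SUFFIX = "AH33"   # note-hash ending the page ties to the fallback password
# File types the page lists as targeted.
TARGETED = {".asp", ".aspx", ".avi", ".bmp", ".csv", ".doc", ".docx", ".htm",
            ".html", ".jpg", ".mdb", ".odt", ".php", ".png", ".ppt", ".pptx",
            ".rar", ".sln", ".sql", ".txt", ".wav", ".xls", ".xlsx", ".xml", ".zip"}

def note_hash_is_offline(note_text):
    """True if the last non-empty line of the ransom note ends with AH33."""
    lines = [ln.strip() for ln in note_text.splitlines() if ln.strip()]
    return bool(lines) and lines[-1].endswith(OFFLINE_SUFFIX)

def inventory(root):
    """Return (Counter of locked files by original type, count of targeted
    files not yet locked). Assumption: a locked file keeps its original name
    with .8lock8 appended, e.g. report.docx.8lock8."""
    locked, untouched = Counter(), 0
    for _dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() == LOCKED_EXT:
                locked[os.path.splitext(stem)[1].lower() or "(none)"] += 1
            elif ext.lower() in TARGETED:
                untouched += 1
    return locked, untouched

if __name__ == "__main__":
    # Constructed sample data: a scratch folder and a made-up note.
    with tempfile.TemporaryDirectory() as root:
        for name in ("a.docx.8lock8", "b.DOCX.8lock8", "c.jpg.8lock8", "d.txt", "e.exe"):
            open(os.path.join(root, name), "w").close()
        locked, untouched = inventory(root)
        print("locked by type:", dict(locked), "| targeted but not locked:", untouched)
    note = "Your files are locked.\nQWERTYUIOPAH33\n"
    print("skip the bruteforcer:", note_hash_is_offline(note))
```

Running the inventory again after decryption shows whether any .8lock8 files are left in the folder.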