Howareyou ransomware is yet another new malware that encrypts files. It changes file names to all lowercase and adds the .howareyou file extension, as well as drops the __read_me_.txt ransom note.
Howareyou ransomware is a very typical file encrypting malware that does not appear to belong to any larger malware family. It not only encrypts users’ files but also threatens to share the files if users do not agree to pay the ransom.
Users will be able to identify this ransomware from the .howareyou extension added to encrypted files. Files with that extension will be unopenable until users use a decryptor on them. However, obtaining the decryptor is not that easy. The cyber crooks behind this ransomware will try to sell the decryptor to victims, though the price is not mentioned in the __read_me_.txt ransom note that the ransomware drops. Whatever the price may be, users are strongly discouraged from paying the ransom because there are no guarantees that files will be decrypted. Users should be aware that they are dealing with criminals who likely do not feel obligated to help users recover files. So while paying may seem like a good option, users should know that it’s quite risky.
At this time, the only ones who can recover files for free are those who have backup. However, before accessing the backup, users should fully remove Howareyou ransomware from their computers. If it still remains, it could encrypt backed up files as well.
It should be mentioned that malware researchers are sometimes able to develop free decryptors to help users, but it’s not always possible. However, if a free decryptor for Howareyou ransomware was to be released, it would likely appear on NoMoreRansom. Users who have no options left should remove the ransomware, back up the encrypted files and regularly check for a decryptor. However, users should be aware that there are many fake decryptors advertised on various websites. Users should be very cautious about what they download as they could end up with additional malware.
Is it possible to avoid a ransomware infection
The majority of ransomware infections can be avoided if users have good browsing habits. Users who have bad browsing habits have a much higher chance of picking up some kind of malware infection. So as long as users avoid carelessly opening email attachments, downloading questionable torrents and clicking on ads while visiting high-risk websites, they should be able to dodge malware.
It’s most common for users to pick up ransomware via torrents. Torrent sites are often either very poorly regulated, or not regulated at all, which allows cyber crooks to easily upload their malicious software disguised as some kind of popular movie, TV show, game, etc. It’s especially common to find malware in torrents to content that’s particularly popular at the time. When TV series Breaking Bad was airing, it’s wasn’t uncommon to find malware in torrents for episodes. Thus, users are greatly discouraged from torrenting pirated content, not only because it’s stealing content but also because it’s dangerous for the computer and user data.
Another common method via which ransomware infects computers is email attachments. If users do not pay attention to what email attachments they open, they will eventually end up opening a malicious one. Cyber crooks buy email addresses from hacker forums, compose a generic email, add a malicious attachment, and send it to thousands of users. Users who open the attachment end up infecting their computers with malware. Fortunately, by simply paying attention, users should be able to easily spot a malicious email as they often are quite obvious. They are generally sent from random email addresses, contain loads of grammar and spelling mistakes, and strongly encourage users to open the attached files. Just to be sure that the attached files are safe, all unsolicited email attachments should be scanned with anti-virus software or VirusTotal before they are opened.
Can encrypted files be recovered?
As soon as the ransomware enters a computer, it will start file encryption. It encrypts files like photos, videos and documents, and changes their file names to all lower case and add .Howareyou extension. For example, Image.jpg would become image.jpg.Howareyou. All files with that extension will be unopenable until they are decrypted with the special decryptor.
The ransomware will drop the __read_me_.txt ransom note, which will demand that users send an email to the provided email address in order to obtain instructions on how to proceed. Users will be requested to pay a ransom, though the sum is not known as it’s not mentioned in the ransom note. However, as we said above, paying the ransom is very risky as it does not guarantee that a decryptor will be sent.
Here is the ransom note:
Your files have been encrypted and copied to our private servers!
ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.
But keep calm! There is a solution for your problem!
For some money reward we can decrypt all your encrypted files.
Also we will delete all your private data from our servers.
To prove that we are able to decrypt your files we give you the ability to decrypt 2 files for free.
So what is you next step ? Contact us for price and get the decryption software.
Our Mail: firstname.lastname@example.org
We would share your SENSITIVE DATA in case you refuse to pay.
Unfortunately, only users who have backup can recover files at this current time.
Howareyou ransomware removal
Users should use anti-virus software to delete Howareyou ransomware from their computers. If they attempt manual Howareyou ransomware removal, they may end up causing even more damage.
Howareyou ransomware is detected as:
- Trojan.GenericKD.35166310 by BitDefender
- Ransom.FileCryptor by Malwarebytes
- Ransom:Win32/HwruGo.SV!MTB by Microsoft
- Trojan-Ransom.Win32.Encoder.kqn by Kaspersky
- Artemis!DFA525C751C4 by McAfee
- Trojan.GenericKD.35166310 (B) by Emsisoft