Hitobito Ransomware Locks Victim Systems

Hitobito functions as a ransomware program, encrypting files and demanding payment for their decryption. During testing, it was observed that Hitobito appended a ".hitobito" extension to the filenames of encrypted files. For instance, a file named "1.jpg" would be renamed to "1.jpg.hitobito" after encryption, and similarly for other affected files. Following encryption, a ransom note appeared in a pop-up window and was also saved as a text file titled "KageNoHitobito_ReadMe.txt". The contents of both messages were identical.

These ransom notes inform the victim about the encryption of their data and instruct them to contact the attackers via chat on a Tor network website to negotiate the decryption price.

Fortunately, on the specific sample tested, Hitobito was found to be decryptable, with the decryption password/key being "Password123".

It's important to note that future iterations of this malware may use different recovery keys. Typically, ransomware encryptions cannot be decrypted without the involvement of the attackers, as they often employ strong cryptographic algorithms and unique keys.

Victims will frequently not receive the recovery keys or software even after meeting ransom demands. Therefore, it is strongly advised against paying the ransom, as there is no guarantee of file decryption, and doing so also supports criminal activities.

Why Paying Ransom to Hackers is a Bad Idea?

Paying ransom to hackers is generally considered a bad idea for several reasons:

No Guarantee of Decryption: There's no assurance that paying the ransom will result in the safe decryption of your files. Even if the attackers provide decryption tools or keys, they might not work properly, leaving your data inaccessible.

Supporting Criminal Activities: Paying ransom encourages and financially supports criminal activities. It funds the development and proliferation of more sophisticated malware, leading to increased cybercrime.

Potential Repeat Targeting: Paying the ransom once might make you a target for future attacks. Attackers may see you as someone willing to pay and thus continue to target you for additional extortion attempts.

Legal and Ethical Concerns: Paying ransom might violate laws and regulations in some jurisdictions. It also raises ethical concerns, as it indirectly supports criminal enterprises engaged in extortion and other illegal activities.

Funding Other Criminal Acts: The money obtained from ransom payments can be used to finance other criminal acts, including terrorism, human trafficking, and drug trafficking, contributing to broader societal harm.

Encouraging More Ransomware: Successful ransom payments incentivize cybercriminals to continue developing and distributing ransomware, leading to more victims and perpetuating the cycle of extortion.