Despite the unusual name, Hbdalna ransomware is a classic malware of its class. It is a stealthy invader programmed to lock files on a target computer and blackmail its victims for money.
Following a successful installation, the ransomware scans its host device for target data. It will then use an advanced encryption algorithm to encrypt the detected files and prevent the victim from accessing them.
Hbdalna will also mark the corrupted files by attaching the ".hbdalna" extension to them. For example, a file named "pictures.zip" will be renamed to "pictures.zip.hbdalna."
All files with the .hbdalna extension have icons that are visible to the user. However, they cannot be opened, edited, or viewed.
Hbdalna offers its victims a solution. In a ransom note named "HOW TO RESTORE YOUR FILES.TXT," the threat operators list their demands.
Hbdalna's ransom note is a straightforward message that informs the victim that their files are encrypted. It offers decryption in exchange for Bitcoin.
Ransom note text:
All your files are encrypted and only I can decrypt them.
My mail is
email@example.com or RemotePChelper@protonmail.com
Write me if you want to return your files - I can do it very quickly!
Do not rename the encrypted files, because of this you can lose them forever!!!!!
To prove that we are not scammers and really can decrypt your files,
you can send three files for test decryption !!! (except databases, Excel and backups)
PLEASE DO NOT CREATE A NEW LETTER! RESPOND TO THE
LETTER TO THIS LETTER.
This will allow us to see all the history of the census in
one place and respond quickly to you.
!!! Do not turn off or restart the NAS equipment. This will result in data loss!!!
Victims are instructed to contact the criminals via either firstname.lastname@example.org or RemotePChelper@protonmail.com email addresses.
Additionally, victims are warned not to rename their files as this could result in permanent data loss.
As many criminals are unable to provide their victims with working decryption software, Hbdalna's operators offer free decryption of three files as proof of their technical abilities. Of course, their "generous" offer has conditions. Victims cannot send databases, Excel spreadsheets, and file backups for decryption.
How Does Hbdalna Infect Its Victims
There is no evidence that Hbdalna is used in targeted attacks. As a standard ransomware threat, Hbdalna usually spreads via mass-distribution techniques such as spam campaigns, corrupted links, pirated applications, and software activation tools.
The key to Hbdalna's successful distribution is not in the techniques it uses, but rather the victims' naivety and negligence. Hbdalna's operators set traps and wait for reckless users to fall right into them.
Sadly there is no third-party decryption tool for Hbdalna ransomware. However, experts advise against paying the ransom. Such actions do not guarantee results. More often than not, the criminals ignore their victims once the payment is made.
Victims can use backups saved on external or cloud devices to restore their files. However, experts caution that the ransomware must be completely removed before any file-recovery operation is attempted. Otherwise, the malware will corrupt the newly restored data. Furthermore, it might also infect the external device and encrypt the data saved on it!