For HomeFor BusinessFor Partners
Free Tools Anti-Malware Research
2 min read

RanHassan Ransomware Decryptor Now Available

Bitdefender

November 07, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
RanHassan Ransomware Decryptor Now Available

A new decryptor for the RanHassan ransomware is now available for download. First isolated in May 2022, this family of ransomware seems to primarily target victims in India and Arab-speaking countries.

The tell-tale signs of a RanHassan infection are the presence of ransom notes called ATENTION...ATENTION...ATENTION...ATENTION...ATENTION....hta  referencing [[email protected]](mailto:[email protected]) and [[email protected]](mailto:[email protected]).

How to decrypt ransomed files

Step 1: Download the decryption tool below and save it on the infected device:

Download the RanHassan decryptor

Step 2: Run the tool and accept the End User License Agreement.

Step 3: Select a folder to scan for encrypted files or let the tool find all files on the system. In order for the tool to identify the correct keys, you need at least one encrypted file and its unencrypted version.

Step 4: Start the decryption process and let the tool run until all files are decrypted.

Silent execution (via cmdline)

The tool can also be executed silently via a command line. If you need to automate the deployment of the tool inside a large network, you might want to use this feature.

•  -help -  will provide information on how to run the tool silently (this information will be written in the log file, not on console)

•  start  -  this argument allows the tool to run silently (no GUI)

•  -scan-path  -  this argument specifies the path containing encrypted files

•  -full-scan  -  will enable the Scan entire system option (ignoring -scan-path argument)

•  -disable-backup  -  will disable the file Backup option

•  -replace-existing  -  will enable the Replace previously decrypted files option

•  -test-path - specifies a folder containing pairs of clean-encrypted files

Examples:

  • BDRanHassanDecryptTool.exe start -scan-path: C:\  -> the tool will start with no GUI and scan C:\
  • BDRanHassanDecryptTool.exe start -full-scan  -> the tool will start with no GUI and scan the entire system
  • BDRanHassanDecryptTool.exe start -full-scan -replace-existing  -> the tool will scan the entire system and overwrite present clean files

Acknowledgement

This product includes software developed by the OpenSSL Project, for use in the OpenSSL Toolkit (http://www.openssl.org/)

K7Security Labs have published a technical analysis of the RanHassan (DCDcrypt) here.

tags

Free Tools Anti-Malware Research

Author

Bitdefender

Bitdefender

The meaning of Bitdefender’s mascot, the Dacian Draco, a symbol that depicts a mythical animal with a wolf’s head and a dragon’s body, is “to watch” and to “guard with a sharp eye.”

View all posts

Right now Top posts

Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware
Anti-Malware Research

Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware

June 08, 2023

5 min read
Vulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series
IoT Research Whitepapers

Vulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series

May 02, 2023

2 min read
EyeSpy - Iranian Spyware Delivered in VPN Installers
Anti-Malware Research Whitepapers

EyeSpy - Iranian Spyware Delivered in VPN Installers

January 11, 2023

2 min read
Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor
Anti-Malware Research Free Tools

Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor

January 05, 2023

1 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

NodeStealer attacks on Facebook take a provocative turn – threat actors deploy malvertising campaigns to hijack users’ accounts
Anti-Malware Research

NodeStealer attacks on Facebook take a provocative turn – threat actors deploy malvertising campaigns to hijack users’ accounts
A Deep Dive into Stream-Jacking Attacks on YouTube and Why They're So Popular
Anti-Malware Research

A Deep Dive into Stream-Jacking Attacks on YouTube and Why They're So Popular
Check-Out With Extra Charges - Vulnerabilities in Hotel Booking Engine Explained
Anti-Malware Research Whitepapers

Check-Out With Extra Charges - Vulnerabilities in Hotel Booking Engine Explained

Bookmarks

loader