What is Haze ransomware? And how does it work?
Haze ransomware is screen-locking malware that was spotted on August 30, 2017. It lacks the technical features of real ransomware: it displays a Petya-inspired red window with an ASCII skull, tricks users into believing that their files are encrypted, and asks them to pay with a € 25 PaySafeCard in exchange for the files.
Haze ransomware also goes by the name Haze virus, which is the name its developers gave it. It attacks your computer using a malicious executable file named HazeRansomware.exe. It is known to target English-speaking users, but that doesn’t necessarily mean it won’t affect other users around the globe. Since it doesn’t encrypt any files, its attack only locks your computer screen with a message that says:
“Welcome to haze Virus
The harddisks of your computer have been locked with a military grade encryption algorthm. There is no way to restore your data without a special key. You can get this key for 25€ if you folow the steps below.
1.Enter your E-Mail address below.
2.Enter a 25€ Paysavecard code below.
3.Click on ok, after a few time you will get a E-Mail from us with the Key.
Enter your E-Mail address: [ ]
Enter 25€ Paysavecard code: [ ]
Enter your Key: [ ]”
The screen-locking malware asks you to provide your email address and the code of a Paysafecard worth € 25. It then asks you to click the Ok button to send that information to the attackers in order to receive the key that unlocks your computer.
There is no need to panic or pay the ransom if you suddenly find your computer locked by the Haze virus, since it does not really encrypt your files. The best thing to do is to remove it from your computer right away.
How is Haze ransomware distributed?
The Haze virus can reach your computer in the form of a ZIP file sent via spam emails. Keep in mind that the ZIP file might be wrapped into a Word or JS file which is archived using 7-Zip to trick you into opening the malicious executable file. That is why it is strongly recommended that you check any suspicious emails before you open them, especially if they come from strangers or pose as something important such as a receipt or an invoice. In fact, it is better to delete these kinds of emails as soon as they reach your inbox so that you don’t make the mistake of opening them.
To avoid these attacks, always keep your antivirus programs and your system up to date. That way, malware like Haze won’t make it past your security programs. Besides, most cyber criminals are known to take advantage of system vulnerabilities to take over a computer.
Terminate the Haze ransomware using the complete set of instructions below in order to continue using your computer safely. Keep in mind that these kinds of infections often spread in a bundle with other types of malicious infection.
Step 1: To unlock your screen and to access Desktop, tap the Win + D keys.
Step 2: Right click on Haze ransomware’s window and close it.
Step 3: Open Windows Task Manager by pressing Ctrl + Shift + Esc at the same time.
Step 4: Go to the Processes tab and look for HazeRansomware.exe and any suspicious processes and then kill them.
Step 5: Open Control Panel by pressing the Windows key + R, then type in appwiz.cpl and then click OK or press Enter.
Step 6: Look for Haze Ransomware or any suspicious program and then Uninstall them.
Step 7: Hold down Windows + E keys simultaneously to open File Explorer.
Step 8: Go to the directories listed below or any other directories that you might have saved the malicious file related to the Haze virus.
Step 9: Look for a malicious file named HazeRansomware.exe and other suspicious-looking files and delete them.
Step 10: Empty the Recycle Bin.
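Steps 4, 8 and 9 can also be run from a PowerShell prompt. The script below is an added example, not part of the original guide: the file name HazeRansomware.exe comes from the text above, while the search directories and the -Remove switch are assumptions chosen for illustration. Without -Remove it only reports what it finds.

```powershell
# Added example: scripted version of Steps 4, 8 and 9.
# The image name is from the guide; the search directories are assumed
# (common user-writable locations), not a list taken from the guide.
param(
    [string]$ImageName = 'HazeRansomware.exe',
    [switch]$Remove    # without -Remove the script only reports
)

$searchRoots = @(
    "$env:USERPROFILE\Downloads",
    "$env:USERPROFILE\Desktop",
    $env:TEMP,
    $env:APPDATA,
    $env:LOCALAPPDATA
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Step 4: find running instances and note where they were started from.
$running = @(Get-CimInstance Win32_Process -Filter "Name = '$ImageName'")
foreach ($proc in $running) {
    Write-Output ("Running: PID {0}  Path {1}" -f $proc.ProcessId, $proc.ExecutablePath)
    if ($Remove) { Stop-Process -Id $proc.ProcessId -Force }
}

# Steps 8-9: collect on-disk copies, starting with the path of any running instance.
$files = @($running | ForEach-Object { $_.ExecutablePath } | Where-Object { $_ })
$files += @($searchRoots | ForEach-Object {
    Get-ChildItem -LiteralPath $_ -Filter $ImageName -File -Recurse -Force -ErrorAction SilentlyContinue
} | ForEach-Object { $_.FullName })

foreach ($path in ($files | Sort-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    # Record the hash before deleting so the sample can be reported or matched later.
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    Write-Output ("Found: {0}  SHA256 {1}" -f $path, $hash)
    if ($Remove) { Remove-Item -LiteralPath $path -Force }
}

if (-not $running -and -not $files) {
    Write-Output "No $ImageName process or file found."
}
```

A renamed copy of the executable will not match the file name, so the full system scan described below is still needed.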
Follow the continued advanced steps below to ensure the removal of the Haze Ransomware:
Perform a full system scan using SpyRemover Pro
- Turn on your computer. If it’s already on, you have to reboot.
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, press F8 repeatedly until the Advanced Option shows up.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load the Safe Mode with Networking.
- Press and hold both R key and Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
A single space must be in between explorer and http. Click OK.
- A dialog box will be displayed by Internet Explorer. Click Run to begin downloading SpyRemover Pro. Installation will start automatically once download is done.
- After all the infections are identified, click REMOVE ALL.
- Register SpyRemover Pro to protect your computer from future threats.