Hi Buddy! is a ransomware strain that encrypts victim files and demands a ransom payment for decryption. First observed in the wild on January 1, 2016, this ransomware has been actively targeting systems worldwide.
Quick Facts
Ransomware Family: Hi Buddy!
First Seen: January 1, 2016
How Hi Buddy! Ransomware Works
File Encryption Patterns
Hi Buddy! modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..cry
Ransom Note and Payment Demands
After encrypting files, Hi Buddy! displays ransom notes demanding payment for file recovery:
message
Ransom message: notes/note.txt
Note locations: Login

file READ_ME.txt
Ransom message: notes/READ_ME.txt
Note locations: EveryFolder
Technical Indicators
Associated Executable Files
The following executable files are associated with Hi Buddy! ransomware:
26ab573f7b66433e9c
t11.exe
956c799d060244e4ba
b07b7091227c4a17b5
24ad60cbf60b4944ab
ransom.exe
27bccbd3e8024fef9a
sec_check.scr
ransom
sec_check.scr.exe.bin
Samas.exe
This Hi Buddy! ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Hi Buddy!.