HildaCrypt ransomware is relatively unpopular, but users affected by this ransomware can now decrypt using the keys provided by their developers. The ransomware developer has provided its key to the security company EMSISOFT, users download their security software and then follow the prompts to decrypt. The file suffix of this ransomware encryption is usually .HCY! and MIKE. If the victim is encrypted, the file suffix can be used for decryption. The user can judge whether he or she meets the free decryption condition according to the above information, and if it matches, the decryptor provided by the security company can be downloaded to decrypt.
— Cyber Security (@GrujaRS) October 4, 2019
This ransomware has also been packaged and made into versions by other hackers. The ransomware developer said that the development of ransomware was only fun, and now it is reasonable to provide a free decryption tool. However, the researchers have noticed that this variant of ransomware has begun to spread, so developers should publicly decrypt the key mainly because they don’t want this ransomware to spread.
The developer’s public master encryption key can unlock the encryption of its variant version, so the software has little meaning for those variant developers. This approach can help users decrypt files that are encrypted by variants, and prevent variants from continuing to spread, so it’s a good decision.
You can download the HildaCrypt decryption here.