MoWare H.F.D ransomware

MoWare H.F.D is a ransomware cryptovirus that displays a window with a ransom message. It is a variant of HiddenTear and appends the extension .H_F_D_locked to files after encrypting them. MoWare H.F.D ransomware might distribute its payload file through spam emails, social media and file-sharing services. It makes entries in the Windows Registry to achieve persistence, and could launch or repress processes in a Windows environment. Such entries are typically designed to launch the virus automatically with each start of the Windows operating system.

The MoWare H.F.D Ransomware is perceived as a very threatening Trojan because it is designed to encrypt 666 file types and supports limiting the user’s control over the OS. A detailed report from cyber security researchers revealed that the MoWare H.F.D Ransomware could terminate access to the Registry Editor, the Task Manager, and the Command Line tool. Server administrators may have a hard time purging the MoWare H.F.D Ransomware from their network. The Trojan is associated with the ‘.H_F_D_locked’ string, which is used as a marker to inform users which files have been encrypted. For example, ‘Stars shack.png’ is renamed to ‘Stars shack.png.H_F_D_locked’ and Windows Explorer does not generate a thumbnail for the photo. The encryption process may trigger error reports in database managers like MySQL, OracleDB and MongoDB. The ransom notification is generated as a program window named ‘MoWare H.F.D’ that says:

Your Personal Files has been Encrypted and Locked
Your documents, photos, databases and other important files have been encrypted with strongest encryption and locked with unique key, generated for this computer.
Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key.
Caution: Removing of MoWare H.F.D will not restore access ti your encrypted files.
Frequently Asked Questions
What happened to my files ? understanding the issue
How can i get my files back ? the only way to restore your files
What should i do next ? Buy decryption key
Now you have the last chance to decrypt your files.
1. Buy Bitcoin (
2. Send amount of 0.02 BTC to address: 15nbyuacLHfm3FrC5hz1nigNVqEbDwRUJq
3. Transaction will take about 15-30 minutes to confirm.
4. When transaction is confirmed, send email to us at

You should NOT under any circumstances pay the ransom. Your files may not get restored, and nobody can give you a real guarantee. Moreover, giving money to cybercriminals will likely motivate them to create more ransomware or carry out other criminal activities. You should keep an up-to-date antivirus program such as Max Total Security, which provides daily backup and an easy restore mechanism in case you get infected with ransomware.
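
For incident triage, the ‘.H_F_D_locked’ marker described above can be used to inventory affected files and see which directories were hit. The following Python script is an added example, not part of the original article; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

MARKER = ".H_F_D_locked"  # extension this article attributes to MoWare H.F.D

def inventory(root):
    """Return (hits, per_dir) for every file under root that carries MARKER."""
    hits, per_dir = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}
        for name in files:
            # Windows file names are case-insensitive, so compare lowercased.
            if not name.lower().endswith(MARKER.lower()):
                continue
            original = name[:-len(MARKER)]
            if not original:  # a file named only ".H_F_D_locked" is not a rename
                continue
            hits.append({
                "locked": os.path.join(dirpath, name),
                "original_name": original,
                # True if an unencrypted file with the original name still exists here.
                "original_present": original.lower() in present,
            })
            per_dir[dirpath] += 1
    return hits, per_dir

def build_sample(root):
    """Create a constructed sample tree (empty files) for demonstration."""
    os.makedirs(os.path.join(root, "db"))
    for rel in ("Stars shack.png.H_F_D_locked",   # example name from the article
                "report.docx.H_F_D_LOCKED",       # constructed: case variant
                "notes.txt",                      # constructed: untouched file
                os.path.join("db", "dump.sql"),   # constructed: original still present
                os.path.join("db", "dump.sql.H_F_D_locked")):
        open(os.path.join(root, rel), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        hits, per_dir = inventory(tmp)
        for h in hits:
            print(h["locked"], "->", h["original_name"],
                  "(original present)" if h["original_present"] else "")
        for d, n in per_dir.most_common():
            print(n, "locked file(s) in", d)
```

Point `inventory()` at a mounted copy or forensic image of the affected volume rather than the live system, so the listing does not alter file timestamps on the evidence.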
