Healforyou Ransomware

The Healforyou Ransomware is an encryption ransomware Trojan, designed to take victims' files hostage by encrypting them and then demanding a ransom payment from the victim. The Healforyou Ransomware belongs to the Globe Imposter family of ransomware, which has been active since December 2016. The Healforyou Ransomware variant was first observed on January 24, 2019, and carries out a typical version of these attacks.

How the Healforyou Ransomware Infection Works

The Healforyou Ransomware attack is typically delivered to victims via corrupted spam email attachments. Once the Healforyou Ransomware has been installed, it will use the AES encryption to make the victim's files inaccessible. The Healforyou Ransomware targets the user-generated files, which may include images, media files, databases, configuration files and numerous content types. The files typically targeted by threats like the Healforyou Ransomware include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The Healforyou Ransomware marks the files encrypted by its attack by adding the file extension '.healforyou' to each affected file's name. The Healforyou Ransomware delivers its ransom note in an HTML file named 'how_to_back_files.html,' which will be exhibited on the infected computer's desktop. This file contains the following message:

'YOUR PERSONAL ID
[random characters]
ENGLISH
ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED.
The only method of recovering files is to purchase an unique private decryptor.
Only we can give you this decryptor and only we can recover your files.
For fast data recovery and vulnerability removal, contact us by e-mail:
healforyou@outlook.com
healforyou@cock.li
We guarantee full recovery after payment. To confirm the ability to return files, we decrypt one file for free. Attach to your email 1 test file. In the letter include your personal ID (look at the beginning of this document).
We will give you the decrypted file and assign the price for decryption all files.
After we send you instruction how to pay for decrypt and after payment you will receive a decryptor and instructions.

Attention!
Only healforyou@outlook.com or healforyou@cock.li can decrypt your files.
Do not attempt to remove the program or run the anti-virus tools.
Attempts to self-decrypting files will result in the loss of your data.
Modify encrypted files will result in the loss of your data.
Decoders other users are not compatible with your data, because each encryption key unique and will result in the loss of your data.'

Dealing with the Healforyou Ransomware Infection

Computer users are advised to refrain from accepting the instructions in the Healforyou Ransomware ransom note. The best protection against threats like the Healforyou Ransomware is to have file backups. In the event of an attack, the compromised files can be replaced with backup copies after the Healforyou Ransomware infection itself is removed with an anti-malware program.