HENRI IV Ransomware

By GoldSparrow in Ransomware

Translate To:

Upon infiltrating the user's computer, the HENRI IV Ransomware will initiate an encryption routine that will lock nearly all of the files stored there. Users will no longer be able to access their personal or work-related files including PDFs, docs, pictures, images, archives, databases, etc. The name of each affected file will be changed significantly. The HENRI IV Ransomware is a threatening malware belonging to the Paradise Ransomware family. The HENRI IV Ransomware will append an ID string, an email address under the control of the attackers, and a new file extension to the original name of the encrypted files. The email address is 'f**kparadise@heniiv.com' while the new file extension is .'malwarehenri.' Afterwards, the threat will drop its ransom note in the form of files named '#DECRYPT MY FILES#.html.'

To receive the decryption key from the hackers, the victims of the HENRI IV Ransomware will have to pay a ransom using the Bitcoin cryptocurrency. The exact sum is not specified in the note but apparently, it will depend on how fast the user initiates contact with the hackers. The note provides two email addresses that can be used for communication - 'fkparadise@heniiv.com' and 'fkparadise@heniiv.com.' Up to three files that do not exceed 1MB in size can be attached to the message and one of them will be decrypted for free.

The full text of the HENRI IV Ransomware's instructions is:

'Your files are encrypted!
F**K Paradise Ransomware Team! HENRI IV
Your personal ID
Your personal KEY
WHAT HAPPENED!
Your important files produced on this computer have been encrypted due a security problem.
If you want to restore them, write to us by email.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
FREE DECRYPTION AS GUARANTEE!
Before payment you can send us 1-3 files for free decryption.
Please note that files must NOT contain valuable information.
The file size should not exceed 1MB.
As evidence, we can decrypt one file
HOW TO OBTAIN BITCOINS!
The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller by payment method and price
hxxps://localbitcoins.com/buy_bitcoins/
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
write to Google how to buy Bitcoin in your country?
Contact!
e-mail: f**kparadise@heniiv.com
or
e-mail: f**kparadise@heniiv.com
Attention!
Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
You are guaranteed to get the decryptor after payment
As evidence, we can decrypt one file
Do not attempt to use the antivirus or uninstall the program
This will lead to your data loss and unrecoverable
Decoders of other users is not suitable to decrypt your files - encryption key is unique.'

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

HENRI IV Ransomware

Submit Comment

Related Posts

HENRI IV.A Ransomware

Trending

Safe Search Eng

Findtheirreport.com

MarioLocker Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen