Herad Ransomware
Most cybercriminals take the easy route when they create ransomware threats, meaning that instead of building it from the bottom up, they base it on already existing, successful data-locking Trojans. This is the case with the newly uncovered ransomware threat called the Herad Ransomware. This file-encrypting threat is a variant of the popular STOP Ransomware.
Infiltration and Encryption
Security researchers have not been able to determine the exact infection vector used in the propagation of the Herad Ransomware. It is likely that faux software updates, infected applications downloaded from unsecured sources, and spam emails with corrupted attachments are among the techniques used to spread the Herad Ransomware. The Herad Ransomware starts a scan as soon as it penetrates the targeted system. The scan is meant to determine the locations of the files that the Herad Ransomware will lock. The next step is the encryption process. The Herad Ransomware applies a new extension to the locked files: ‘.herad’. This means that an image that was previously named ‘maple-syrup.jpeg’ will be renamed to ‘maple-syrup.jpeg.herad’ and will no longer be usable.
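As an added example (not code from the original write-up), a small triage script that walks a directory tree and reports the two on-disk indicators described above: files carrying the appended ‘.herad’ extension and the dropped ‘_readme.txt’ note. The sample tree it builds is constructed data, and the function and file names are assumptions for illustration.

```python
import tempfile
from pathlib import Path

# Indicators taken from the write-up: appended extension and ransom-note file name.
HERAD_EXT = ".herad"
NOTE_NAME = "_readme.txt"


def triage(root):
    """Walk `root` and report Herad-style artifacts.

    Returns the locked files (with the original name each had before the
    extension was appended), the ransom notes found, and a per-directory
    count so a responder can see how far the encryption spread.
    """
    root = Path(root)
    locked, notes, per_dir = [], [], {}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root)
        if path.name == NOTE_NAME:
            notes.append(str(rel))
        elif path.name.endswith(HERAD_EXT):
            # Strip only the trailing '.herad' so 'maple-syrup.jpeg.herad'
            # maps back to 'maple-syrup.jpeg'.
            original = path.name[: -len(HERAD_EXT)]
            locked.append((str(rel), original))
            per_dir[str(rel.parent)] = per_dir.get(str(rel.parent), 0) + 1
    return {"locked": sorted(locked), "notes": sorted(notes), "per_dir": per_dir}


def build_sample_tree():
    """Create a constructed post-infection directory tree (sample data, not a real capture)."""
    root = Path(tempfile.mkdtemp(prefix="herad-triage-"))
    (root / "Pictures").mkdir()
    (root / "Docs").mkdir()
    (root / "Pictures" / "maple-syrup.jpeg.herad").write_bytes(b"\x00" * 16)
    (root / "Pictures" / NOTE_NAME).write_text("ATTENTION! (constructed note body)")
    (root / "Docs" / "budget.xlsx.herad").write_bytes(b"\x00" * 16)
    (root / "Docs" / "notes.txt").write_text("untouched file")
    (root / "Docs" / NOTE_NAME).write_text("ATTENTION! (constructed note body)")
    return root


if __name__ == "__main__":
    report = triage(build_sample_tree())
    print(f"{len(report['locked'])} locked file(s), {len(report['notes'])} ransom note(s)")
    for rel, original in report["locked"]:
        print(f"  {rel}  (was {original})")
```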
The Ransom Note
After the encryption process is completed, the Herad Ransomware will drop a ransom note. The note is called ‘_readme.txt,’ which is a signature move of most STOP Ransomware variants. The note states:
’ATTENTION!
Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-WbgTMF1Jmw
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
gorentos@bitmessage.ch
Reserve e-mail address to contact us:
varasto@firemail.cc
Our Telegram account:
@datarestore
Mark Data Restore
Your personal ID:’
The ransom fee demanded is $980, but the authors of the Herad Ransomware offer a 50% discount to users who contact them within 72 hours, reducing the price to $490. They also give out two email addresses where the victim can get in touch with them: ‘gorentos@bitmessage.ch’ and ‘varasto@firemail.cc’. In case the user prefers Telegram as a method of communication, they have provided a Telegram contact too: @datarestore.
It is always wiser to keep your distance from malicious actors like the authors of the Herad Ransomware. Instead of paying up, you should look into obtaining a legitimate anti-malware application, which will keep your system secure in the future and will wipe off the Herad Ransomware from your PC once and for all.