HeroesOftheStorm Ransomware
Threat Scorecard
Threat Level: 100 % (High)
Infected Computers: 9
First Seen: September 15, 2017
Last Seen: June 12, 2022
OS(es) Affected: Windows
The HeroesOftheStorm Ransomware is an encryption ransomware Trojan that was first observed on September 13, 2017. Ransomware Trojans like the HeroesOftheStorm Ransomware are designed to encrypt the victims' files and then demand a ransom payment in exchange for the decryption key needed to restore them. The HeroesOftheStorm Ransomware is based on HiddenTear, an open source ransomware platform that was first observed in August 2015. Since the release of HiddenTear, countless variants of this ransomware family have been used to attack computer users, and the HeroesOftheStorm Ransomware is just one of the latest. The HeroesOftheStorm Ransomware takes its name from its claim that it will decrypt the affected data if the victim plays the popular Blizzard PC video game 'Heroes of the Storm' for 24 hours.
The Consequences of Fake Heroes Lurking Around Your Files
The HeroesOftheStorm Ransomware carries out a typical encryption ransomware attack, using a strong encryption algorithm to make the victim's files inaccessible. It marks each file it encrypts by adding the file extension '.HeroesOftheStorm' to the end of the file's name. The encrypted files are no longer readable and appear as blank icons in Windows Explorer. The HeroesOftheStorm Ransomware targets the files generated by the user while allowing the Windows operating system to continue to run normally. The file types it targets include:
.docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
The HeroesOftheStorm Ransomware runs as 'restolocker.exe,' which has also led to it being known as the 'RestoLocker Ransomware.' The HeroesOftheStorm Ransomware displays a program window with the title 'Play Heroes of The Storm,' showing a logo of this game and instructions explaining how the attack works. The HeroesOftheStorm Ransomware does not connect to Command and Control servers. Although the HeroesOftheStorm Ransomware has all the characteristics of a prank attack, its implementation of a strong encryption algorithm means that it has the potential to cause severe damage to the victim's data. The HeroesOftheStorm Ransomware displays the following 'ransom note,' which claims that if the victim plays Heroes of the Storm for 24 hours, the HeroesOftheStorm Ransomware will restore the victim's files:
'Play Heroes of The Storm!
Your Personal files are encrypted
I encrypted your personal files. Heroes of The Storm is the god game. But people don't know that. So, I made this program that make people play Heroes of The Storm. To dectrypt your files, follow this procedure.
First, You have to install Heroes of The Storm,
Second, Play Heroes of The Storm 24hours.
(Only Play Time Will be Recorded)
NOW, let's play the King God Emperor General Chungmoogong Majesty Game HEROES OF THE STORM
*Warning* Do NOT KILL This program and Computer.
HEROES
OF THE STORM
[TIMER]'
Preventing a HeroesOftheStorm Ransomware Attack
The most common way in which the HeroesOftheStorm Ransomware reaches its victims is through corrupted spam email messages, which may use social engineering tactics to have the victim download and install the HeroesOftheStorm Ransomware. This threat may also be delivered through file-sharing networks, particularly through cracks and hacking software used to cheat on online games. File backups are the best protection against these infections. File backups will help computer users restore their files without having to cave in to the ridiculous demands of the HeroesOftheStorm Ransomware. It is as yet unconfirmed whether playing Heroes of the Storm will indeed result in the files being decrypted.
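For responders planning a restore from backup, the following added example (not from the original page or from EnigmaSoft) inventories files carrying the '.HeroesOftheStorm' extension, recovers their original names, and flags any file named 'restolocker.exe'. The function names and the sample directory tree are constructed for illustration, and a match on file name alone is an assumption that does not by itself confirm an infection.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER_EXT = ".heroesofthestorm"   # appended extension named on the page (lowercased)
DROPPER_NAME = "restolocker.exe"   # executable name given on the page


def inventory(root):
    """Walk root and return (affected, by_type, droppers).

    affected : list of (encrypted_path, original_name) pairs
    by_type  : Counter of original extensions, to size the restore job
    droppers : paths whose file name matches DROPPER_NAME
    """
    affected, by_type, droppers = [], Counter(), []
    # Unreadable directories are skipped rather than aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            full = Path(dirpath) / name
            lower = name.lower()   # Windows file names are case-insensitive
            if lower == DROPPER_NAME:
                droppers.append(full)
            elif lower.endswith(MARKER_EXT) and len(name) > len(MARKER_EXT):
                original = name[: -len(MARKER_EXT)]
                affected.append((full, original))
                by_type[Path(original).suffix.lower() or "(none)"] += 1
    return affected, by_type, droppers


def build_sample_tree(root):
    """Constructed sample data: empty placeholder files, no real malware."""
    for rel in [
        "docs/report.docx.HeroesOftheStorm",
        "docs/budget.xlsx.heroesofthestorm",
        "pics/cat.jpg.HeroesOftheStorm",
        "pics/dog.jpg",
        "Downloads/restolocker.exe",
    ]:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        affected, by_type, droppers = inventory(tmp)
        for path, original in sorted(affected):
            print(f"{path} -> restore as {original}")
        print(dict(by_type), [str(d) for d in droppers])
```

The per-extension counts can be compared against the most recent backup set to confirm that every affected file has a clean copy before the encrypted versions are deleted.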