Hets Ransomware

Among the newest ransomware threats lurking the Web is the Hets Ransomware. Upon uncovering the Hets Ransomware, researchers studied this Trojan and found that it belongs to the infamous STOP Ransomware family. Instead of building their own file-locking Trojans, most cyber crooks who distribute threats of this type opt to use the source code of an already existing threat and alter it to their liking. This not only cut back time but also enables cybercriminals with less experience to propagate ransomware threats.

Propagation and Encryption

The dissemination methods involved in the spreading of the Hets Ransomware have not yet been disclosed. Browsing dodgy websites and downloading pirated content can increase your chances of getting your system infected by a ransomware threat greatly. Authors of data-encrypting Trojans often use spam emails with macro-laced attachments, bogus software updates, torrents trackers, and fraudulent pirated versions of popular applications to distribute their threatening creations. Ransomware threats usually target a wide variety of file types. Rest assured that all images, documents, videos, databases, archives, audio files, presentations, etc. will be encrypted by this nasty threat most certainly. The Hets Ransomware applies a complex encryption algorithm to lock the targeted data. When t he Hets Ransomware encrypts a file, it will append a new extension to the end of the file name. The extension that the Hets Ransomware uses is '.hets.' A file that was named 'pacific-ocean.jpeg' originally will be renamed to 'pacific-ocean.jpeg.hets' as soon as the encryption process of the Hets Ransomware has been completed.

The Ransom Note

In the next step of the attack, the Hets Ransomware will drop its ransom note on the desktop of the user. The ransom message of the Hets Ransomware is contained in a file called '_readme.txt,' which is a symbol of data-locking Trojans that belong to the STOP Ransomware family. The attackers explain that the ransom fee is $490, but users who fail to get in touch with them within three days of the attack will have to pay double the price - $980. As a proof that the attackers have a functioning decryption key that is capable of reversing the damage done to the user's files, they offer to unlock 1-2 files for free, provided that they do not contain any important information. The attackers give out two email addresses where they can be contacted - ‘datahelp@iran.ir' and ‘datarestorehelp@firemail.cc.'

You can take advantage of the attackers' offer and get 1-2 of your files decrypted for free. However, we advise you against paying the ransom fee because cybercriminals do not tend to keep their promises. This is how countless victims of ransomware have been left disappointed and empty-handed despite paying the ransom fee demanded. Instead, download and install a genuine anti-spyware solution that will help you wipe off the Hets Ransomware from your PC once and for all.