
Heets Ransomware

Posted: February 18, 2019

The Heets Ransomware is a variant of the Dharma Ransomware edition of the Crysis Ransomware family. The Heets Ransomware locks your files by encrypting their data, changes their extensions afterwards, and creates both text files and pop-ups with its ransoming demands. Users can back their work up to protect it from all file-locking Trojans and let their anti-malware product remove the Heets Ransomware safely as soon as it is detected.

The 'Heet' is Cranking Up on Your Files

Unremarkably, the output of new Dharma Ransomware variants continues undiminished as the cyber-security industry keeps finding fresh samples from ransom-seeking criminals. The Heets Ransomware is a new release in a line that recently includes threats like the 'korvin0amber@cock.li' Ransomware and the 'backdata@qq.com' Ransomware, as well as the older Makdonalds@india.com Ransomware and the 'Bitcoinpay@india.com' Ransomware. While any infection will bring other symptoms with it, most users' foremost concern will be the Heets Ransomware's file-blocking behavior.

The Heets Ransomware and other versions of the modern Dharma Ransomware use AES encryption in a hidden background process to lock the user's documents and other media automatically. Because the AES encryption by itself could be reversed, the Heets Ransomware also protects it with an RSA key that only the threat actor holds, which secures the lockdown state. The files that no longer open are most easily found by searching for content carrying the 'heets' extension that the program adds, together with a bracketed e-mail address (for ransom negotiations).
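The naming indicators above (the added 'heets' extension and a bracketed e-mail address) are something an analyst can search for during triage. The following script is an added example written for this article, not code from the page's author or from any analysis of the Trojan: it checks file names against that pattern, tallies the contact addresses it finds, and can walk a directory to collect names. The exact layout assumed (bracketed address immediately before the extension) and all sample names and addresses are constructed assumptions, not observed indicators.

```python
import os
import re
from collections import Counter
from typing import Dict, Iterable, List

# Assumed naming layout: <original name>.[<contact address>].heets
# Group 1 captures the bracketed contact address for reporting.
HEETS_NAME = re.compile(
    r"\[([^\[\]\s@]+@[^\[\]\s@]+\.[A-Za-z]{2,})\]\.heets$", re.IGNORECASE
)


def is_heets_name(file_name: str) -> bool:
    """True when the file name ends in a bracketed address plus the 'heets' extension."""
    return HEETS_NAME.search(file_name) is not None


def scan_directory(root: str) -> List[str]:
    """Collect every file name under 'root' so it can be passed to triage()."""
    names: List[str] = []
    for _dirpath, _dirnames, filenames in os.walk(root):
        names.extend(filenames)
    return names


def triage(file_names: Iterable[str]) -> Dict[str, object]:
    """Summarise which names carry the pattern and which contact addresses appear.

    The address tally matters for response: more than one distinct address in
    the same tree can indicate a second, separate infection rather than one.
    """
    flagged: List[str] = []
    contacts: Counter = Counter()
    for name in file_names:
        match = HEETS_NAME.search(name)
        if match:
            flagged.append(name)
            contacts[match.group(1).lower()] += 1
    return {
        "flagged": flagged,
        "flagged_count": len(flagged),
        "contacts": dict(contacts),
    }


# Constructed sample listing (not real indicators); the '.invalid' TLD is reserved
# for examples and cannot belong to a real mailbox.
SAMPLE_NAMES = [
    "budget.xlsx.[ransom@example.invalid].heets",
    "photo.jpg.[ransom@example.invalid].heets",
    "report.docx.[other@example.invalid].HEETS",
    "notes.txt",                                   # untouched file
    "heets.txt",                                   # ends in 'heets' but no bracketed address
    "archive.zip.[ransom@example.invalid].locked", # different extension, not this variant
]


if __name__ == "__main__":
    result = triage(SAMPLE_NAMES)
    print(f"{result['flagged_count']} file(s) match the pattern")
    for name in result["flagged"]:
        print("  ", name)
    print("contact addresses seen:", result["contacts"])
```

Run it as-is to see the constructed sample summarised, or call `triage(scan_directory(path))` against a copy of an affected tree. Matching on the file name alone is deliberate: it works on a mounted image or a backup listing without opening any file.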

As usual, the Heets Ransomware generates both a Notepad text file and a more elaborate Web page with detailed ransoming directions. The Heets Ransomware offers a free sample of its decryption service for unlocking files, which could be useful to some victims. However, the continued insistence on Bitcoin makes paying a high-risk option that malware experts can't recommend for users with any alternate recovery path.

Simple Self-Defense from the Next RaaS Assault

Because the Heets Ransomware's family uses a dynamic key for securing the encryption, unlocking the files could be impossible for users unless the threat actors suffer a breach of their key databases, as occurred with an old version of the Crysis Ransomware. Users who would rather not wait for that unlikely possibility should be diligent about backing their files up onto other devices that the Heets Ransomware can't encrypt or delete. Restore Points are, in most cases, subject to removal by members of the Crysis Ransomware family.

Infection techniques that malware experts connect with file-locking Trojans' campaigns regularly include:

  • Spam e-mails can deliver attachments or linked URLs leading to Trojan droppers and downloaders that install the threat.
  • Torrents and other illicit download sources are potential infection vectors, more often for recreational PC users.
  • Brute-force attacks can crack passwords with insufficient protection (for example, ones that are excessively short or still use factory default values) and let the criminals gain manual access.

Ransomware-as-a-Service threats vary somewhat in their symptoms, but most variants are easily detectable by the majority of cyber-security programs. Have your anti-malware software delete the Heets Ransomware before taking further action to save any files.

The Heets Ransomware isn't much different from the past versions of the family that malware experts could confirm. Since there's no need to change a working model of doing (illicit) business, change can only come from users protecting their media more robustly.
