
Herad Ransomware

Posted: July 17, 2019

The Herad Ransomware is a file-locker Trojan that can stop your documents and other media from opening. It encrypts data to block access to it and then leaves a ransom demand for its unlocking help. Users should disable network connectivity and have anti-malware tools quarantine or delete the Herad Ransomware to stop any further damage.

Another Name in the STOP Ransomware Family Tree

The STOP Ransomware's Ransomware-as-a-Service has another feather in its cap by the name of the Herad Ransomware, which is just the latest version of the file-locking Trojan. At 1.16, the Herad Ransomware continues the predictable progression of this RaaS's development, with any newly-introduced features likely focusing on evading AV threat-detection databases and methods. For users, however, what matters most is the limited chance they have of getting any files back after the Herad Ransomware's attacks.

The standardized, file-blocking attacks of the Herad Ransomware's family employ AES encryption to keep Word or PDF documents, JPG or GIF pictures, archives, and other media from opening on the compromised computer or server. The Herad Ransomware's sole point of differentiation from its relatives, including new and old ones like the Litar Ransomware, the Nusar Ransomware, the Dotmap Ransomware, and the INFOWAIT Ransomware, is the 'herad' extension it places on their names. If the Herad Ransomware can contact its server, it retrieves a dynamic key for the encryption; otherwise, it falls back to an internal, hard-coded one.

The other tradition that the Herad Ransomware upholds is generating a Notepad text file, which is its means of delivering a ransom demand to any victims. The note provides contact methods (including an apparently-shared BitMessage account), a video demonstration, and a price of nearly one thousand USD for its decryption help. Note that malware researchers don't recommend navigating to the Web link in the Herad Ransomware's message without additional security measures, since it may redirect victims to corrupted content, such as an Exploit Kit's hosting page.

The Cheapest Ways of Dealing with Thousand-Dollar Trojans

Victims of the Herad Ransomware's offline encryption method may recover their work through free software. However, most cases of C&C-based (online key) encryption are resistant to decryption solutions. The Herad Ransomware also may remove any local Shadow Volume Copies, which makes a non-local backup any user's best bet for data restoration.
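As an added example (not from this article or any vendor tool), the triage helper below inventories a directory the way a responder would before attempting recovery: it lists files carrying the 'herad' extension described above, recovers their original names, and locates the ransom note. The note filename is not given in the article, so the NOTE_NAMES value is an assumption to be checked against the actual sample; the directory it scans is constructed inline.

```python
"""Herad/STOP-family triage helper (added example, not the article's or a vendor's code)."""
import tempfile
from pathlib import Path

HERAD_EXT = ".herad"
# Assumed ransom-note filename: the article only says "a Notepad text file".
NOTE_NAMES = {"_readme.txt"}


def triage_herad(root):
    """Walk `root` and return an inventory of encrypted files, ransom notes and untouched files.

    encrypted: list of (encrypted_path, original_name); the family appends its
    extension to the full original name, so stripping it recovers 'report.docx'.
    """
    encrypted, notes, untouched = [], [], 0
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.name.lower() in NOTE_NAMES:
            notes.append(str(path))
        elif path.suffix.lower() == HERAD_EXT:
            encrypted.append((str(path), path.name[: -len(HERAD_EXT)]))
        else:
            untouched += 1
    return {"encrypted": encrypted, "notes": notes, "untouched": untouched}


def build_sample_tree():
    """Constructed sample directory for the demo; NOT real ransomware output."""
    root = tempfile.mkdtemp(prefix="herad_demo_")
    docs = Path(root) / "Documents"
    docs.mkdir()
    (docs / "report.docx.herad").write_bytes(b"\x00" * 64)   # stand-in ciphertext
    (docs / "photo.jpg.herad").write_bytes(b"\x00" * 64)     # stand-in ciphertext
    (docs / "notes.txt").write_text("still readable")
    (docs / "_readme.txt").write_text("placeholder ransom note")
    return root


if __name__ == "__main__":
    result = triage_herad(build_sample_tree())
    for enc, orig in result["encrypted"]:
        print(f"{enc} -> original name {orig!r}")
    print(f"{len(result['notes'])} note(s), {result['untouched']} untouched file(s)")
```

The original-name list is what you hand to a free decryptor (offline-key cases) or use to verify a non-local backup covers every affected file.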

E-mail and attacks on vulnerable servers' Remote Desktop access are possible introduction methods for this threat's family members. However, malware researchers also connect the Herad Ransomware's heritage to infections that use deceptive downloads, such as fraudulent key generators or cracks on torrenting networks. Avoiding illicit and unofficial downloading resources will significantly reduce your exposure to file-locker Trojans from the STOP Ransomware's family, along with other threats.

Anti-malware products can't decrypt media. They can, on the other hand, hold Trojans of this family in quarantined isolation or delete the Herad Ransomware entirely, as is necessary for maintaining the safety of your PC.

The Herad Ransomware doesn't step outside of the well-trod routines of its ancestors, but that fact isn't a cause for complacency. File-locker Trojans evolve when they need to, and users who fail at basic security practices will always be at risk of losing their work to these threats.
