
Hese Ransomware

Posted: September 3, 2019

The Hese Ransomware is a file-locking Trojan from the STOP Ransomware family. The Hese Ransomware payload includes encryption routines for blocking digital media files, creating ransom notes, and disabling various security and recovery features. Windows users can resolve the side effects by recovering from their backups, or by having anti-malware products delete the Hese Ransomware safely before its attacks occur.

The Continuing Travels of the Poorly-Named STOP Ransomware Family

Ransomware-as-a-Service can change its targeting preferences with each new pair of criminal hands on the reins. Despite this flexibility, it's rare for a RaaS's campaign to range as widely as the Hese Ransomware is doing in August of 2019. This STOP Ransomware variant is collecting victims in Pakistan, Egypt, Europe, India and Vietnam – all of them without backups.

The Hese Ransomware is the 1.57 build of its family, which is in keeping with the software's current predisposition towards rapid version iteration. However, its fundamentals are the same as those of version 1.45's Nasoh Ransomware, version 1.49's Nuksus Ransomware, or even the comparatively ancient Kroput Ransomware and Moresa Ransomware. Features that malware analysts outline as being essential include:

  • The Hese Ransomware can block your documents, pictures, and other media files by encrypting them. The encryption's security depends on whether or not the Hese Ransomware can contact its server for downloading a key, and decryption without the criminal's assistance can be impractical.
  • The Hese Ransomware adds 'hese' extensions into the names of each file that it locks, which is a cosmetic addition that changes with each member of its family.
  • The Hese Ransomware can use CMD commands for deleting the user's Shadow Volume Copy backups, which form the backbone of Windows Restore Points.
  • The Hese Ransomware can create messages with ransom demands that sell its unlocking help, although there's no guarantee of reciprocity after paying.
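
Two of the behaviors listed above, shadow copy deletion and the 'hese' extension, can be correlated per host for triage. The following is an added example, not code from the original article: the event tuples are constructed sample data, the rename threshold is an assumed value, and the command patterns are common Windows shadow-copy deletion commands (the article does not name the exact commands).

```python
import re
from collections import defaultdict

# Assumption: the article does not name the commands; these are common Windows
# ways of deleting Volume Shadow Copies, matched case-insensitively.
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete",
    re.IGNORECASE,
)
LOCKED_EXT = ".hese"   # extension named in the article
RENAME_THRESHOLD = 3   # assumed threshold for a burst of renames

# Constructed sample events (host, kind, detail); not real telemetry.
SAMPLE_EVENTS = [
    ("ws-01", "process", r"cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet"),
    ("ws-01", "rename", r"C:\Users\a\Documents\report.docx.hese"),
    ("ws-01", "rename", r"C:\Users\a\Pictures\trip.jpg.HESE"),
    ("ws-01", "rename", r"C:\Users\a\Desktop\budget.xlsx.hese"),
    ("ws-02", "process", r"vssadmin list shadows"),
    ("ws-02", "rename", r"C:\Users\b\notes.txt.bak"),
    ("ws-03", "process", r"wmic shadowcopy delete"),
]

def triage(events):
    """Return {host: verdict} from shadow-copy deletion and .hese renames."""
    shadow = defaultdict(bool)
    renames = defaultdict(int)
    hosts = set()
    for host, kind, detail in events:
        hosts.add(host)
        if kind == "process" and SHADOW_DELETE.search(detail):
            shadow[host] = True
        elif kind == "rename" and detail.lower().endswith(LOCKED_EXT):
            renames[host] += 1
    verdicts = {}
    for host in sorted(hosts):
        burst = renames[host] >= RENAME_THRESHOLD
        if shadow[host] and burst:
            verdicts[host] = "isolate"      # both behaviors seen together
        elif shadow[host] or burst:
            verdicts[host] = "investigate"  # one alone may be admin activity
        else:
            verdicts[host] = "clear"
    return verdicts

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_EVENTS).items():
        print(host, verdict)
```

Because the extension changes with each member of the family, LOCKED_EXT has to be updated per variant, while the shadow-copy deletion pattern stays useful across variants.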

Holding a Stop Sign against a Never-Stopping Trojan Gang

Unintended advertisements of the potential revenue of Ransomware-as-a-Service arrive on the Web regularly through victims of the Trojans' attacks. Since users without backups may not have any recourse for getting their files back freely, their options narrow to losing their work or risking paying the criminal. Since the Hese Ransomware's payload has few symptoms while it runs, users have unfavorable odds of blocking the Trojan's network communication before it secures the encryption routine.

Victims have better chances of avoiding infection methods from this family, which tend towards highly-preventable exploits. RDP and brute-force attacks are blockable by running servers with appropriate passwords, software updates and administrative settings. Refusing illicit download opportunities and scanning new files with proper security software will keep the Hese Ransomware from arriving through torrents, e-mail attachments or elsewhere.

Perhaps most importantly, the usual anti-malware products for Windows machines should remove the Hese Ransomware, like every file-locking Trojan of its family, without any notable problems.

The Hese Ransomware offers its victims an unpleasant deal – pay for nothing or bury your digital belongings. A wise PC owner will take neither of these options and have a backup ready and waiting for refusing a Trojan's offer.
