Hello Ransomware

What is Hello Ransomware?

Needless to say, Hello Ransomware is not a welcome infection. In fact, if it finds its way into your operating system, you will want to get rid of it as soon as possible. Unfortunately, in most cases, users realize that the infection is present only after it encrypts files and demands a ransom in return for a decryptor. As you might know already, file-encrypting ransomware is extremely malicious, and it appears that most victims end up losing their files. The main goal behind this kind of malware is to make money, and the creators of these infections push victims to pay ransoms. Decrypting personal files is not a goal that these infections have, and so users are usually left without the thing – whether it is a decryptor, a program, or a key – that was promised. Luckily, there is no need to panic because a tool that can decrypt your files should exist. Keep reading to learn more about this tool, the overall activity of the ransomware, and, of course, its removal. If you are here just to delete Hello Ransomware, scroll to the guide below.

How does Hello Ransomware work?

It is believed that Windows users might execute Hello Ransomware by downloading malicious spam email attachments. In this case, the file must be deleted immediately. Unfortunately, the ransomware can quickly create a copy of itself to ensure that the malicious attack is not stopped. This file is created in the %Temp% directory, and its name is random. On top of that, a point of execution named “Alcmeter” is created in HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RUN as well. That ensures that the ransomware is active even if the computer is restarted. It is most likely that the victims of this threat first discover the infection when it launches the “Error” window. This window displays the same message that is represented via a file called “HOW TO DECRYPT FILES.txt”. This file is set to open on Startup as well, and it should be placed along with all encrypted files. Surprisingly, the encryption is likely to start after the “Error” window is displayed. To encrypt files, Hello Ransomware uses the TEA cipher, which is also employed by Xorist Ransomware. Both of these threats were created using the same code, and so the same file decryptor should work for both of them.

The HOW TO DECRYPT FILES.txt file states that “documents, photos, passwords, databases and other files are no longer accessible because they have been encrypted.” The message then suggests that a decryption key must be purchased within 12 hours. The cost of this allegedly real key is 0.05 BTC (~200 USD), which is not a lot compared to other similar threats that demand thousands of dollars. The message claims that the fee would be doubled after 12 hours and that files would be deleted after 24 hours if the payment was not made to 17pXroP4MruitlzpTa88FAPAGD5q5QAPzb (Bitcoin Wallet). Should you be intimidated by this warning? It is unlikely that Hello Ransomware would remove your files, but you should not ignore the situation, and the sooner you solve it, the better. First, you need to look for a legitimate file decryptor. If you cannot find it, look into backups to see if maybe you can recover your files from external or online storage. After that, immediately remove the ransomware.

How to delete Hello Ransomware

Erasing Hello Ransomware from your Windows operating system is not a terribly complicated or lengthy operation, and you can follow the instructions below if you want an easy-to-follow guide. If you are having issues with the steps you need to follow, feel free to ask us questions. Another option is to install an automated anti-malware tool, and we recommend it not only because it can automatically remove Hello Ransomware but because it can also strengthen virtual protection. That is not the only thing you should take care of. We also recommend backing up files to prevent losing them. Also, you need to start practicing safe browsing. Stop opening random spam emails, clicking on suspicious links, downloading unfamiliar programs, disclosing private information, opening security backdoors, etc. You should stay on top of security updates as well. If you do all four things (install security software, install updates, back up data, and become more cautious), malware will not have a chance of slithering in.

Removal Instructions

N.B. We recommend trying to decrypt files before you initiate removal.

  1. Delete the launcher of the malicious ransomware (the name is random).
  2. Tap Win+E to launch Windows Explorer.
  3. Type %temp% into the bar at the top and then tap Enter.
  4. Delete the copy of the malicious launcher file.
  5. Delete the HOW TO DECRYPT FILES.txt file in these directories (enter into Explorer’s bar):
    • %ALLUSERSPROFILE%\Start Menu\Programs\Startup
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
  6. Tap Win+R to launch RUN and then enter regedit.exe to access Registry Editor.
  7. Navigate to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RUN.
  8. Delete the value called Alcmeter.
  9. Empty Recycle Bin to eliminate the malicious components completely.
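
Before deleting anything by hand, the locations named in the steps above can be checked with a read-only PowerShell script. This is an added example, not part of the original guide; it assumes the data of the Alcmeter value is the path of the launcher or its copy, which the article does not state explicitly.

```powershell
# Read-only check for the artifacts this article attributes to Hello Ransomware.
# Nothing is deleted or modified; review the output before removing anything.
$runKey    = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'Alcmeter'
$noteName  = 'HOW TO DECRYPT FILES.txt'
$startupDirs = @(
    '%ALLUSERSPROFILE%\Start Menu\Programs\Startup',
    '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup'
) | ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) }

$findings = @()

# 1. Run value that restarts the ransomware after a reboot.
$run = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($run) {
    $command = [string]$run.$valueName
    $findings += [pscustomobject]@{ Artifact = 'Run value'; Detail = "$valueName = $command" }

    # 2. Assumption: the value data is the path of the launcher or its copy,
    #    optionally quoted and followed by arguments.
    $exePath = if ($command -match '^"([^"]+)"') { $Matches[1] } else { $command }
    $exePath = [Environment]::ExpandEnvironmentVariables($exePath)
    if (Test-Path -LiteralPath $exePath -PathType Leaf) {
        $inTemp = $exePath.StartsWith($env:TEMP, [StringComparison]::OrdinalIgnoreCase)
        $sha256 = (Get-FileHash -LiteralPath $exePath -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Artifact = 'Launcher file'
            Detail   = "$exePath (under %TEMP%: $inTemp, SHA256: $sha256)"
        }
    }
}

# 3. Ransom note set to open at startup.
foreach ($dir in $startupDirs) {
    $note = Join-Path -Path $dir -ChildPath $noteName
    if (Test-Path -LiteralPath $note -PathType Leaf) {
        $findings += [pscustomobject]@{ Artifact = 'Startup ransom note'; Detail = $note }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed artifacts were found.'
} else {
    $findings | Format-List
}
```

Recording the SHA256 of the launcher before deletion keeps a reference that can be looked up or shared with a security vendor afterwards.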
