Herbst Ransomware

What is Herbst Ransomware?

Herbst Ransomware (Herbst meaning autumn in German) is a malicious program that you must remove as soon as possible. However, if it has already entered your PC, then it has probably already encrypted your files because that is what this program is set to do. Currently, this ransomware is only a beta, and its full release should appear very soon. It is important to note that certain functions are not yet active. It does not send any information to its Command and Control (C&C) server and, therefore, you will not receive the decryption key if you pay the ransom. In this short description, we give an overview of where it comes from, how it works, and how you can get rid of it.

Where does Herbst Ransomware come from?

Given that this ransomware was tailored for the German-speaking user base, it is reasonable to think that its developers are also based in a German-speaking country, most likely Germany, but Austria cannot be ruled out either. Our security experts have yet to find how this ransomware is distributed, but it is quite likely that it is being sent via an email service to random email addresses. Researchers say that these kinds of emails feature attachments that can come in the form of fake PDF files that are actually executables. When you open such a file, the code within it can drop the ransomware into a predetermined folder and execute it automatically.

How does Herbst Ransomware work?

As a ransomware-type infection, Herbst Ransomware is set to enter your computer silently, and when it does, it starts doing its dirty work. Our malware researchers report that this malware scans particular directories for files of interest and encrypts them using the AES-256 symmetric encryption algorithm. Research has shown that, in most cases, this ransomware encrypts files located in the My Documents, My Music, and My Pictures folders, as well as files located on the desktop. AES-256 is a strong encryption method, so the files are quite difficult to decrypt using third-party decryption tools. Each ransomware implements its encryption differently, so the way Herbst uses AES-256 will differ from that of, for example, Radamant Ransomware or CryptoHasYou Ransomware. Some of these infections have weak encryption methods, and malware researchers sometimes come up with decryption tools. However, Herbst Ransomware only appeared recently, so it will be some time before a decryption tool appears, if at all.

While encrypting, this malware adds the .herbst file extension to each encrypted file. The encryption renders the files useless and inaccessible. Once the encryption has been completed, the ransomware will show you a window that tells you what to do in order to get your files back. Currently, the amount of money its developers want you to pay is 0.1 BTC, which is just a bit more than $50 USD. That is not a lot considering how much other ransomware asks for. Nevertheless, we want to stress that Herbst Ransomware has not been completed yet, but its developers decided to release it regardless. For the time being, it does not connect to its C&C server, which means that the developers do not get the decryption key that is generated during the encryption. As a result, the cyber criminals cannot give you the decryption key even if they wanted to. So we suggest that you remove it from your computer using SpyHunter or our manual removal guide. However, detecting the infection manually is a bit tricky because it can drop its executable anywhere, and we do not know its file name as it is randomized.

How do I remove Herbst Ransomware?

If you insist on deleting it manually, then we suggest going to directories such as %USERPROFILE%\downloads, %TEMP%, %APPDATA%, and %LOCALAPPDATA% and looking for an oddly-named executable. If you find it, then you should right-click on it and click Delete. However, you can always delete the wrong file. Therefore, we advise playing it safe and suggest getting an anti-malware program to do the job for you.

Removal Guide

  1. Simultaneously press Windows+E keys.
  2. Enter the following directories.
    • %USERPROFILE%\downloads
    • %TEMP%
    • %APPDATA%
  3. Find and delete this malware’s executable.
  4. Empty the Recycle Bin.
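
The manual search described above can be narrowed from a PowerShell prompt. The following is an added example, not part of the original guide; the 7-day look-back window and the use of the oldest .herbst file's write time as the start of encryption are assumptions.

```powershell
# Added triage example: it only lists candidates and deletes nothing.
param([int]$Days = 7)   # assumed look-back window, not a value from the article

# 1. Scope the damage: .herbst files in the folders the article says are hit.
$encrypted = 'MyDocuments', 'MyMusic', 'MyPictures', 'Desktop' |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    ForEach-Object {
        Get-ChildItem -LiteralPath $_ -Filter *.herbst -File -Recurse -Force -ErrorAction SilentlyContinue
    }

# Assumption: the oldest .herbst write time approximates when encryption began.
$first  = $encrypted | Sort-Object LastWriteTime | Select-Object -First 1
$anchor = if ($first) { $first.LastWriteTime } else { Get-Date }
$from   = $anchor.AddDays(-$Days)
"{0} .herbst file(s) found; listing executables created since {1:yyyy-MM-dd HH:mm}" -f @($encrypted).Count, $from

# 2. Executables created in that window in the drop locations the article names.
$dropDirs = (Join-Path $env:USERPROFILE 'Downloads'), $env:TEMP, $env:APPDATA, $env:LOCALAPPDATA

$dropDirs |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    ForEach-Object {
        Get-ChildItem -LiteralPath $_ -Filter *.exe -File -Recurse -Force -ErrorAction SilentlyContinue
    } |
    Where-Object { $_.CreationTime -ge $from } |
    Sort-Object FullName -Unique |          # %TEMP% usually sits under %LOCALAPPDATA%
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Created   = $_.CreationTime
            Signature = $sig.Status                     # e.g. Valid, NotSigned, HashMismatch
            Signer    = $sig.SignerCertificate.Subject  # empty when the file is unsigned
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            Path      = $_.FullName
        }
    } |
    Sort-Object Created -Descending |
    Format-List
```

An unsigned executable created shortly before the first .herbst file is the entry to examine first; its SHA256 value can be submitted to an anti-malware scanner before anything is deleted.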