Hets Ransomware

What is Hets Ransomware?

You might think that your operating system is an impenetrable fortress, but Hets Ransomware will prove you wrong if you give this malware a single opportunity to do so. Security loopholes within spam emails, bundled downloaders, social engineering scams, and RDP backdoors can be used by cybercriminals to drop pretty much anything onto an unguarded operating system. If it is guarded appropriately, the launcher of the threat is removed instantly. If it is not guarded, the ransomware proceeds to hook its claws into your system and silently encrypt all found personal files. Documents, videos, and photos are amongst the files that the ransomware corrupts, and these are the kinds of files that most Windows users are desperate not to lose. Unfortunately, once your files are encrypted, even deleting Hets Ransomware will not save them. So what are you supposed to do? Should you obey the attackers and pay the ransom they demand?

How does Hets Ransomware work?

Hets Ransomware is a clone of Kodc Ransomware, Mosk Ransomware, Msop Ransomware, and multiple other threats that all stem from the well-known STOP Ransomware. Someone created a file-encryptor and made its code public, and now pretty much anyone with the intention to build and deploy malware can use this code. This is why so many different variants exist. The good news is that cybersecurity experts have managed to counteract the attackers with the STOP Decryptor. Not all variants of the threat are decryptable, and it does not decrypt all files, but if your photos, documents, and other personal files were corrupted, you should definitely give this free software a try. Just do not install malware that poses as a legitimate decryptor. Alternatively, the encrypted files can be “recovered” by replacing them with copies. Hopefully, you have copies of your personal files too. It is always best to store them apart from the original files, i.e., outside the computer, because some infections can harm backups as well. Therefore, we always recommend using external hard drives and cloud storage systems instead.

Before you might even notice the “.hets” extension attached to your personal files – which signifies that they were encrypted – Hets Ransomware introduces you to “_readme.txt,” a ransom note file that is originally dropped to %HOMEDRIVE%. The message inside is created to convince the victims of the threat that they need to contact the attackers (at datarestorehelp@firemail.cc and datahelp@iran.ir) and then pay a ransom of $490 in return for a decryptor. The attackers even offer to decrypt one personal file for free, but we do not recommend contacting them or trusting them. Sure, they might decrypt that one file, but if you communicate with them, they could also send you malicious emails. And if you pay the ransom, you are unlikely to get anything in return for it. Unfortunately, no one can force cybercriminals to keep their promises, and because they cannot be held accountable, they just take your money and disappear. This is why we hope that you can either use a free decryptor or replace your personal files with backups.

How to delete Hets Ransomware

We’d love to guide you toward the removal of Hets Ransomware, but we cannot show you where to find the launcher of the file, which is the most important component. The file could be dropped to any folder, and its name could be random or take on the name of a legitimate file. Due to this, you might have trouble clearing your system of ransomware manually. That is not a problem because a legitimate anti-malware program can delete Hets Ransomware without taking much time at all. Since it is also possible that other threats could exist on your system, you could really use the automated malware removal services. On top of that, as you now know, your system cannot fend off malware without legitimate security software, and so if you want to be safe in the future, you should install anti-malware software immediately. Also, do not forget to always have backup copies of your personal files stored someplace safe, just in case.

Removal Guide

  1. If you can locate the {unknown}.exe file that launched the threat, delete it.
  2. Launch Windows Explorer by tapping Win and E keys on the keyboard together.
  3. Type %HOMEDRIVE% into the field at the top and tap Enter to access the directory.
  4. Delete a file named _readme.txt and a folder named SystemID.
  5. Type %LOCALAPPDATA% into the field at the top and tap Enter to access the directory.
  6. Delete the {random} folder that contains malware files.
  7. Empty Recycle Bin and then immediately perform a full system scan using a legitimate malware scanner.
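
The checks in steps 3 to 6 can be run as a read-only PowerShell triage before anything is deleted. This is an added example, not part of the original guide or any vendor tool; the function name, the scan root, the 14-day window, and the "recently created folder containing an .exe" heuristic for the {random} folder are assumptions.

```powershell
# Added example: read-only triage for the artifacts named in the removal guide.
# Nothing is deleted; review the output before removing anything.
function Find-HetsArtifacts {
    param(
        [string]$HomeDrive    = $env:HOMEDRIVE,     # e.g. C:
        [string]$LocalAppData = $env:LOCALAPPDATA,
        [string]$ScanRoot     = $env:USERPROFILE,   # assumption: where to look for .hets files
        [int]$RecentDays      = 14                  # assumption: look-back window
    )
    $root = $HomeDrive + '\'

    # Steps 3-4: ransom note and SystemID folder in %HOMEDRIVE%
    foreach ($name in '_readme.txt', 'SystemID') {
        $path = Join-Path $root $name
        if (Test-Path -LiteralPath $path) {
            [pscustomobject]@{ Indicator = $name; Detail = $path }
        }
    }

    # Files carrying the ".hets" extension (encrypted personal files)
    $encrypted = @(Get-ChildItem -LiteralPath $ScanRoot -Recurse -File -Filter '*.hets' -ErrorAction SilentlyContinue)
    if ($encrypted.Count -gt 0) {
        [pscustomobject]@{ Indicator = '.hets files'; Detail = "$($encrypted.Count) under $ScanRoot" }
    }

    # Steps 5-6: candidates for the {random} folder (heuristic, see assumptions)
    $cutoff = (Get-Date).AddDays(-$RecentDays)
    Get-ChildItem -LiteralPath $LocalAppData -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $cutoff } |
        ForEach-Object {
            $exe = Get-ChildItem -LiteralPath $_.FullName -File -Filter '*.exe' -ErrorAction SilentlyContinue |
                Select-Object -First 1
            if ($exe) {
                [pscustomobject]@{ Indicator = 'recent folder with .exe (review)'; Detail = $_.FullName }
            }
        }
}

Find-HetsArtifacts | Format-Table -AutoSize -Wrap
```

Folders flagged by the last check are only candidates for review, since legitimate installers also create folders with executables under %LOCALAPPDATA%.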

