'help@decrypt-files.info' Ransomware

'help@decrypt-files.info' Ransomware Description

The 'help@decrypt-files.info' Ransomware is a version of the Dharma Ransomware, a family of file-locker Trojans that search for digital media and block it through encryption. Along with making your files unopenable, the 'help@decrypt-files.info' Ransomware also changes their names, creates ransom messages promoting its decryptor, attacks the rest of the local network and deletes backups. As always, a secure backup is the most important part of recovering from an infection, once you have deleted the 'help@decrypt-files.info' Ransomware with the anti-malware program of your choice.

The Supposed Backup that Eats the Real Ones

A new release in the Dharma Ransomware family is pretending that it's a project backup, including company credentials that make it look harmless until after it finishes its attacks. The 'help@decrypt-files.info' Ransomware is similar, operationally, to other releases from this same group of file-locker Trojans, such as the btc@fros.cc Ransomware, the Darknes@420blaze.it Ransomware, the 'backtonormal@foxmail.com' Ransomware or, most recently, the 'getdataback@fros.cc' Ransomware. Its most distinguishing payload features are no more than the different extensions and addresses that it uses for ransoming media.

The 'help@decrypt-files.info' Ransomware's samples purport to be backups for a 'Chemix' company, but new versions could have their labels edited to suit other targets. After infecting a PC, either through user-assisted exploits like spam e-mails or through manual ones such as a brute-force attack, the 'help@decrypt-files.info' Ransomware begins encrypting documents, pictures and other media throughout the PC. Like most versions of the Dharma Ransomware, it also deletes the Shadow Volume Copies, which makes it, ironically, a fake backup that wipes out real ones.

The 'help@decrypt-files.info' Ransomware adds '.gdb' extensions to the filenames of all blocked media, along with an ID that's specific to each infection and the address in its name. The latter, which it also promotes throughout a pair of ransom notes, is intended as the point of contact for victims to negotiate over the decryption solution. While such an option may be the only decryption service available for any locked files, malware experts caution that, historically, making a non-refundable ransom payment to a criminal isn't a very dependable way of restoring media.
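The renaming described above gives responders a way to scope an incident from a plain file listing. The following triage script is an added example, not code from this article or from any vendor; it assumes the usual Dharma layout `<original>.id-<ID>.[<address>].gdb`, which the article does not spell out, and its sample paths are constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed layout (Dharma family convention, not stated on this page):
#   <original name>.id-<ID>.[<contact address>].gdb
# Matching the whole marker matters: '.gdb' alone is also a legitimate
# database extension, so an extension-only check raises false alarms.
MARKER = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z]+)"
    r"\.\[(?P<contact>[^\]\s]+@[^\]\s]+)\]\.gdb$",
    re.IGNORECASE,
)

def parse_locked_name(path):
    """Return the fields encoded in a renamed file, or None if not renamed."""
    p = PureWindowsPath(path)          # handles drive letters and UNC shares
    m = MARKER.match(p.name)
    if m is None:
        return None
    return {
        "original": m["original"],     # name the file had before the attack
        "victim_id": m["victim_id"].upper(),
        "contact": m["contact"].lower(),
        "dir": str(p.parent),
    }

def triage(paths):
    """Group renamed files by infection ID and count hits per directory."""
    report = {}
    for path in paths:
        hit = parse_locked_name(path)
        if hit is None:
            continue
        entry = report.setdefault(
            hit["victim_id"], {"contacts": set(), "dirs": defaultdict(int)}
        )
        entry["contacts"].add(hit["contact"])
        entry["dirs"][hit["dir"]] += 1
    return report

# Constructed sample listing (e.g. collected from endpoints and file servers).
SAMPLE = [
    r"C:\Users\amy\Documents\budget.xlsx.id-1A2B3C4D.[help@decrypt-files.info].gdb",
    r"\\fs01\projects\q3\plan.docx.id-1a2b3c4d.[help@decrypt-files.info].gdb",
    r"C:\data\inventory.gdb",          # legitimate database file, must not match
    r"C:\Users\amy\Documents\notes.txt",
]

if __name__ == "__main__":
    for victim_id, entry in triage(SAMPLE).items():
        print(victim_id, sorted(entry["contacts"]), dict(entry["dirs"]))
```

Hits on a file server under the same ID as a workstation indicate that the shares were reached from that one infection, which is the reason for isolating the network early.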

The Only Help You Should Need for Saving Your Media

Malware experts recommend disabling the network connectivity at any stage of a 'help@decrypt-files.info' Ransomware infection, due to the threat's traditional inclusion of network shares (including unmapped ones) in its file searches. Users also should assume that the Trojan will re-launch itself whenever Windows restarts, as an opportunity for encrypting any newly-introduced files. Conventional solutions, such as entering into Safe Mode, and having backups saved to non-accessible or password-protected locations, can provide your media with security from the 'help@decrypt-files.info' Ransomware's ongoing attacks.

The use of brute-force and RDP-based exploits is a regular factor in Ransomware-as-a-Service campaigns like the 'help@decrypt-files.info' Ransomware's attacks. Server administrators should avoid passwords that are easy to break, check their RDP settings and firewall ports for safety issues, and avoid opening e-mail attachments without first confirming their safety. One out of every two AV brands is identifying this threat and should experience no problems with removing the 'help@decrypt-files.info' Ransomware from your computer, and malware experts expect that number to increase over the coming weeks.

The fake company information that the 'help@decrypt-files.info' Ransomware depends on is a flexible disguise that may be showing its threat actor's hand regarding the intended targets. As usual, it's a bad idea to rely on the appearance of a file for determining its safety, especially when it comes attached to an unexpected e-mail or shows up on your hard drive randomly.

Posted: October 29, 2018