HeroesOftheStorm Ransomware

Posted: September 15, 2017
Threat Metric
Threat Level: 10/10
Infected PCs: 5

HeroesOftheStorm Ransomware Description

The HeroesOftheStorm Ransomware is a variant of the Hidden Tear file-locking Trojan. Unlike most releases from this family, the HeroesOftheStorm Ransomware doesn't ask the victim for ransom payments, and, instead, demands that they log a play session of the Heroes of the Storm video game. Since this Trojan's decryption feature is fraudulent, victims should use other methods of restoring their files, along with anti-malware products for removing the HeroesOftheStorm Ransomware safely.

The Storm that's Coming for Your File

People who invest even a minor amount of time in designing Trojans with file-locking features almost always do so to make financial gains from their attacks. However, this rule of thumb is sometimes belied by threat actors like the designer of the HeroesOftheStorm Ransomware, a minor variant of the Turkish Hidden Tear. Although the HeroesOftheStorm Ransomware shows the standard file-locking functionality that malware experts have come to expect, it also has a unique 'ransom' demand: asking its victims to play video games.

All samples of the HeroesOftheStorm Ransomware available for analysis are both unfinished and buggy, and the Trojan is likely to crash with generic error messages before completing its payload. However, its working encryption feature, based on Hidden Tear's code, uses an AES cipher to encrypt and block access to media in formats such as JPG, DOC or GIF. Malware experts can verify that the HeroesOftheStorm Ransomware currently attacks only a 'test' folder on the desktop, which is a typical condition for threat actors who aren't ready to deploy their file-locking threats in publicly distributed campaigns.

Related features that the HeroesOftheStorm Ransomware may crash before displaying include a pop-up window that the Trojan themes after Blizzard's Heroes of the Storm multiplayer game, and text messages asking the users to play the game for twenty-four hours to decrypt their files. While the HeroesOftheStorm Ransomware claims that it records all live play time automatically, malware analysts can verify that the Trojan has no features related to monitoring the user's program usage, including whether or not Heroes of the Storm is open or playing a live match.

Finding the Heroism to Brave Stormy Weather

The HeroesOftheStorm Ransomware is not a product or affiliate of Blizzard Entertainment and, based on its poor quality of code, is in development by a threat actor without much experience in the Black Hat software industry. Despite that background, its encryption code is a working derivative of the same feature in Utku Sen's Hidden Tear. This function makes the HeroesOftheStorm Ransomware a potential data saboteur for all PC users who don't back their files up to a secondary location, such as a detachable storage device or a cloud service. Victims without backups can contact an appropriate AV security researcher for insight into the decryption process for the Hidden Tear family.

This Trojan is also an example of how threat actors use social engineering to trick the users they attack into taking actions that aren't in their best interests. Since the HeroesOftheStorm Ransomware can't monitor your gaming activities, its file-unlocking instructions are, at best, a frivolous waste of the victim's time. Any threat capable of such monitoring would also be able to collect information, such as passwords. As a general precaution, malware experts advise disabling any Internet connection in all cases before uninstalling the HeroesOftheStorm Ransomware with dedicated anti-malware programs.

The fun and games of a Trojan's developer are often more of a headache for the users dealing with it. Jumping through arbitrary hoops for threats like the HeroesOftheStorm Ransomware is a losing proposition, no matter what your gaming lifestyle might be.
