HeroesOftheStorm Ransomware
Posted: September 15, 2017
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 21 |
| First Seen: | September 15, 2017 |
| Last Seen: | June 12, 2022 |
| OS(es) Affected: | Windows |
The HeroesOftheStorm Ransomware is a variant of the Hidden Tear file-locking Trojan. Unlike most releases from this family, the HeroesOftheStorm Ransomware doesn't ask the victim for ransom payments, and, instead, demands that they log a play session of the Heroes of the Storm video game. Since this Trojan's decryption feature is fraudulent, victims should use other methods of restoring their files, along with anti-malware products for removing the HeroesOftheStorm Ransomware safely.
The Storm that's Coming for Your File
The people who invest even a minor amount of time into designing Trojans with file-locking features almost always do so to make financial gains from their attacks. This rule of thumb is sometimes belied, however, by threat actors like the designer of the HeroesOftheStorm Ransomware, a minor variant of the Turkish Hidden Tear. Although the HeroesOftheStorm Ransomware shows the standard file-locking functionality that malware experts have come to expect, it also has a unique 'ransom' demand: asking its victims to play video games.
All samples of the HeroesOftheStorm Ransomware available for analysis are both unfinished and buggy, and the Trojan is likely to crash with generic error messages before completing its payload. However, its working encryption feature, based on Hidden Tear's code, uses an AES cipher to encrypt and block access to media formats such as JPG, DOC or GIF. Malware experts can verify that the HeroesOftheStorm Ransomware currently attacks only a 'test' folder on the desktop, which is typical of threat actors who aren't ready to deploy their file-locking threats in publicly distributed campaigns.
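As an added defender-side illustration (not code from this write-up or from the Trojan itself), the check below triages a folder for JPG, DOC or GIF files that have lost their format header and turned into high-entropy data, the state a Hidden Tear-style AES pass leaves behind; the folder contents, file names and byte values are constructed sample data, and the 7.5 bits/byte threshold is an assumption.

```python
import math
import os
import tempfile

# Leading bytes that intact files of each format carry (JPEG SOI marker,
# GIF signature, OLE2 compound-file header used by legacy .doc files).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),
}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; ciphertext approaches 8.0, plain text ~4-5."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def looks_encrypted(path: str, threshold: float = 7.5) -> bool:
    """Flag a file only if BOTH its expected header is gone AND its bytes are
    near-random; a renamed text file fails the second test and is not flagged."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return False
    with open(path, "rb") as f:
        data = f.read()
    header_ok = any(data.startswith(m) for m in MAGIC[ext])
    return (not header_ok) and shannon_entropy(data) >= threshold

def triage_folder(folder: str) -> list:
    """Return the names of files in `folder` that look encrypted."""
    return [name for name in sorted(os.listdir(folder))
            if os.path.isfile(os.path.join(folder, name))
            and looks_encrypted(os.path.join(folder, name))]

def build_sample_folder() -> str:
    """Constructed sample data: intact GIF and JPEG, a plain-text .doc, and one
    .doc whose body is a stand-in for AES ciphertext (exactly 8 bits/byte)."""
    d = tempfile.mkdtemp(prefix="hots_triage_")
    samples = {
        "logo.gif": b"GIF89a" + b"\x00" * 2048,
        "photo.jpg": b"\xff\xd8\xff\xe0JFIF" + b"\x10" * 2048,
        "notes.doc": b"Plain text saved with a .doc extension, not encrypted.",
        "report.doc": bytes(range(256)) * 16,
    }
    for name, body in samples.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(body)
    return d

if __name__ == "__main__":
    print(triage_folder(build_sample_folder()))  # ['report.doc']
```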
Related features that the HeroesOftheStorm Ransomware may crash before displaying include a pop-up window that the Trojan themes after Blizzard's Heroes of the Storm multiplayer game, and text messages asking the users to play the game for twenty-four hours to decrypt their files. While the HeroesOftheStorm Ransomware claims that it records all live play time automatically, malware analysts can verify that the Trojan has no features related to monitoring the user's program usage, including whether or not Heroes of the Storm is open or playing a live match.
Finding the Heroism to Brave Stormy Weather
The HeroesOftheStorm Ransomware is not a product or affiliate of Blizzard Entertainment and, based on its poor code quality, is being developed by a threat actor without much experience in the Black Hat software industry. Despite that background, its encryption code is a working derivative of the same features of Utku Sen's Hidden Tear. This function makes the HeroesOftheStorm Ransomware a potential data saboteur for all PC users who don't back their files up to a secondary location, such as a detachable storage device or a cloud service. Victims without backups can contact an appropriate AV security researcher for insight into the decryption process for the Hidden Tear family.
This Trojan also is an example of how threat actors use social engineering to trick the users they attack into taking actions that aren't in their best interests. Since the HeroesOftheStorm Ransomware can't monitor your gaming activities, its file-unlocking instructions are, at best, a frivolous waste of the victim's time. Any threat actually capable of such monitoring would also be able to collect information, such as passwords. As a general precaution, malware experts advise disabling any Internet connection before uninstalling the HeroesOftheStorm Ransomware with dedicated anti-malware programs.
The fun and games of a Trojan's developer are often more of a headache for the users dealing with it. Jumping through arbitrary hoops for threats like the HeroesOftheStorm Ransomware is a losing proposition, no matter what your gaming lifestyle might be.