Heroset Ransomware

The Heroset Ransomware is a relatively new file-locker that shares a lot of the features found in the infamous STOP Ransomware. Sadly, the victims of the Heroset Ransomware may not be able to undo the damage done to their files for free, since there is no free decryptor for the STOP Ransomware and its variants. The only decryption solution appears to be offered by the Heroset Ransomware’s authors, but they should not be trusted since they demand to receive a significant Bitcoin compensation in exchange for their assistance.

The Heroset Ransomware’s attack is swift and very difficult to spot until it is too late to do anything to halt it. Once the file-locker is launched, it may begin to work in the background and traverse the user’s directories to find files suitable for encryption immediately. Naturally, the Heroset Ransomware only focuses on file types that are likely to contain important data – documents, spreadsheets, archives, images, videos, songs, databases, etc. The encrypted files’ contents are inaccessible, and they can be recognized by the ‘.heroset’ extension that will be added next to their original name (e.g. ‘document.pdf’ would be renamed to ‘document.pdf.heroset.’)

Just like other variants of the STOP Ransomware, this one also may use the ‘_readme.txt’ file to provide the victim with a ransom note. The attackers may use the email addresses gorentos@bitmessage.ch or stoneland@firemail.cc for contact. Naturally, the perpetrators want to receive the payment via Bitcoin since this ensures their anonymity, and makes it impossible to reverse or track the payment.

If you are a victim of the Heroset Ransomware, you should remember that cooperating with the people who took your files hostage is not the recommended course of action certainly. You should use a reputable anti-virus tool to get rid of the harmful program and then look into alternative file recovery options.