
Hets Ransomware

Posted: November 29, 2019

The Hets Ransomware is a file-locking Trojan that's part of the STOP Ransomware family. As a Ransomware-as-a-Service threat, it can circulate through any exploits that the renting criminal prefers, and uses encryption for holding the victim's files hostage. A sound backup methodology will prevent these Trojans from doing any long-term damage, while most anti-malware products should remove the Hets Ransomware safely.

The Next Word in the STOP Ransomware Lingo

Continuing the theme of semi-random phrases and pseudo-words in its naming plan, the STOP Ransomware is the provider of yet another offshoot with plans of extortion. The variant, the Hets Ransomware, shows the typical characteristics that malware researchers are familiar with from past campaigns, a la Lokf Ransomware, Nols Ransomware, or Zobm Ransomware, all the way back to the particularly noteworthy Djvu Ransomware. With the simple tool of encryption, it keeps the user's files from opening in their programs and holds them as hostages to force a ransom payment.

The Hets Ransomware is a Windows program that can wield the above attack against such media as text documents, archives, databases, spreadsheets, music and pictures. The threat also inserts extensions referring to the Trojan's name into each 'hostage' filename. More significantly, it also includes a default data wipe for the Shadow Volume Copies, which can keep users from getting files back through a Restore Point.

Malware researchers also find the STOP Ransomware's modern members, like the Hets Ransomware, capable of causing other security problems. Apart from sabotaging data, it may block some websites by making simple changes to the Hosts file – an IP address-mapping text file in Windows. It also has some possibility of installing spyware like AZORult for password exfiltration and, therefore, possibly helping attackers compromise more systems.

Shutting Off a Regular Ransom Rental Plan

Ransomware-as-a-Service 'farms out' the distribution aspect of the operation to a second criminal who pays for using the family's semi-customizable Trojan. Although this operating procedure makes the Hets Ransomware's distribution a little less predictable than ideal, most file-locking Trojans use well-known exploits. The STOP Ransomware family has particularly close bonds with torrent and illicit software-based distribution methods, which can include torrent tactics, fake software updates, and malvertising, among other examples.

Users should back their files up to a device that's secured against similar attacks for any recovery needs they might have. Ordinarily, file-locking Trojans use a secure encryption method. In the Hets Ransomware's case, the encryption can be crackable or uncrackable, due to the family's use of an online or offline cryptographic key. Malware experts don't recommend paying the ransom either way, since criminals have no pressing obligations for honoring their business transactions.

Besides the usual safeguards like disabling JavaScript and macros, users also can keep their work safe through anti-malware products, nearly all of which will delete the Hets Ransomware and every other STOP Ransomware version on sight.

The Hets Ransomware is another footnote in a long text of Trojans beginning with the STOP Ransomware and running through similarly forgotten cases like the Masodas Ransomware and the Zatrov Ransomware. Their fast reproduction is a clear example of illicit businesses making money off of the recurring mistakes of ordinary, careless PC users, who value convenience more than safety.
