H34rtBl33d - Threat In Detail
H34rtBl33d Ransomware is a file-encrypting trojan that was detected on 30th of March 2018. This crypt-locker threat encrypts most of the files on the attacked system and appends the “.d3g1d5” extension after the original file name. The authors of the threat demand a ransom of 0.1337 Bitcoin in exchange for the decryption key for the files.
H34rtBl33d Ransomware is operated by a group of people calling themselves ‘D3g1d5.Cyber.Crew’. They also had a Facebook page, but it was deleted just after AV vendors started investigating this threat.
Unlike other ransomware, which drops ransom notes, H34rtBl33d Ransomware uses balloon tip notifications, the pop-ups that normally deliver system-related notifications in the bottom-right corner of the desktop.
The notification states:
Error! Your file could not be opened Please Decrypt Your File Using H34rt8133d Decrypter’ Want Your Files Back? [Click here|BUTTON]’
‘Find out here about H34rt8133d Decrypter and how to return it [Click here|BUTTON]’
‘Cheaper than wannacry!
H34rt8133d very good ransomware in the world
Ransomware With Cheapest Ransom!
FACT! Ransomware that has infected your computer turned out RANSOMWARE WITH THE LOWEST CHOICE. Want your file back? [Click here|BUTTON]
Clicking the link above redirects the user to the “scorpionlocker.xyz” web page. The web page then instructs the victim to download and install the Tor browser, create an account on torbox3uiot6wchz.onion, and contact D3g1d5.Cyber.Crew at the email address “firstname.lastname@example.org”.
Once the payment is made, D3g1d5.Cyber.Crew will provide the decryption key, which is kept on a remote server.
But before you agree to pay the ransom, be aware that H34rtBl33d Ransomware is poorly scripted and there is no guarantee that you will get your files back. Thus, security researchers advise not paying the ransom to the authors of H34rtBl33d and removing the threat from the PC quickly. You can also try recovering your data from backups, if you have any, or with the help of data recovery software.
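Before restoring from backups it helps to know exactly which files carry the “.d3g1d5” extension and which of them have a clean copy. The following Python sketch is an added example, not part of the original article or of any vendor tool; its function names are hypothetical, and it assumes the backup tree mirrors the directory layout of the scanned tree.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".d3g1d5"  # extension the article says is appended after the original name


def find_encrypted(root):
    """Walk root; return sorted (encrypted_path, original_name) for each marked file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Case-insensitive match; skip a file whose whole name is just the marker.
            if name.lower().endswith(MARKER) and len(name) > len(MARKER):
                hits.append((Path(dirpath) / name, name[: -len(MARKER)]))
    return sorted(hits)


def summarize(hits):
    """Count affected files per directory and per original file type."""
    by_dir = Counter(str(enc.parent) for enc, _ in hits)
    by_type = Counter(Path(orig).suffix.lower() or "(none)" for _, orig in hits)
    return by_dir, by_type


def restore_list(hits, backup_root, scan_root):
    """Split hits into files with a copy under backup_root and files without one."""
    found, missing = [], []
    for enc, orig in hits:
        # Assumption: the backup mirrors the scanned tree's relative paths.
        candidate = Path(backup_root) / enc.parent.relative_to(scan_root) / orig
        (found if candidate.is_file() else missing).append((enc, candidate))
    return found, missing


def demo():
    # Constructed sample tree: two marked files, one untouched file, one backup copy.
    with tempfile.TemporaryDirectory() as tmp:
        scan, backup = Path(tmp, "host"), Path(tmp, "backup")
        for rel in ("docs/report.docx.d3g1d5", "docs/notes.txt", "pics/cat.jpg.d3g1d5"):
            (scan / rel).parent.mkdir(parents=True, exist_ok=True)
            (scan / rel).write_bytes(b"constructed sample")
        (backup / "docs").mkdir(parents=True)
        (backup / "docs" / "report.docx").write_bytes(b"backup copy")
        hits = find_encrypted(scan)
        _by_dir, by_type = summarize(hits)
        found, missing = restore_list(hits, backup, scan)
        return [orig for _, orig in hits], dict(by_type), len(found), len(missing)


if __name__ == "__main__":
    print(demo())
```

Run the scan read-only against the affected volume and keep the encrypted files until the restored copies have been verified.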