Heroset is a program that belongs to the Djvu ransomware family. It was discovered by Michael Gillespie. The main purpose of Heroset is to encrypt files (make them unusable) and to force victims to pay a ransom/buy a decryption tool. It places the "_readme.txt" file (a ransom note) in every folder that contains encrypted files and renames all of those files. Heroset adds the ".heroset" extension to every encrypted file; for example, it renames a file named "1.jpg" to "1.jpg.heroset", and so on.
As stated in the "_readme.txt" file, Heroset encrypts all files (including photos, databases, documents and so on) with strong encryption that can be decrypted only with the right decryption key and tool. In order to purchase them, victims must pay a ransom of $980. However, the cyber criminals who developed Heroset offer a 50% discount to victims who contact them no more than 72 hours after encryption. To contact them, victims have to write an email to the email@example.com or firstname.lastname@example.org address. Another way to contact Heroset's developers is via Telegram, by writing to @datarestore. Either way, victims are required to send them the appointed personal ID too. In order to avoid having to contact and/or pay them, we recommend trying an offline decryption tool. However, it may help only if there was no Internet connection (or the remote server that the cyber criminals use was not responding) during the encryption process. There is no other way to decrypt files encrypted by Heroset for free. Ransomware-type programs use strong encryption that can be decrypted only with the right tools, which the cyber criminals hold. If a data backup was created before the encryption, we recommend restoring all files from it.
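To scope the damage before restoring from a backup, the two markers described above (the ".heroset" suffix and the "_readme.txt" note) can be inventoried with a short script. This is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

EXT = ".heroset"      # extension appended to encrypted files (from the article)
NOTE = "_readme.txt"  # ransom note file name (from the article)

def inventory(root):
    """Return {folder: {"note": bool, "encrypted": [original names]}} for every
    folder under root that shows either marker."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        encrypted = sorted(
            name[: -len(EXT)]  # "1.jpg.heroset" -> "1.jpg"
            for name in files
            if name.lower().endswith(EXT) and len(name) > len(EXT)
        )
        has_note = any(name.lower() == NOTE for name in files)
        if encrypted or has_note:
            rel = os.path.relpath(folder, root)
            report[rel] = {"note": has_note, "encrypted": encrypted}
    return report

def restore_list(report):
    """Flatten the inventory into relative paths of originals to pull from backup."""
    return sorted(
        os.path.normpath(os.path.join(folder, name))
        for folder, entry in report.items()
        for name in entry["encrypted"]
    )

def build_sample_tree(root):
    """Constructed sample data: empty placeholder files, no real malware artefacts."""
    for rel in ("docs/1.jpg.heroset", "docs/report.docx.heroset", "docs/_readme.txt",
                "db/sales.sqlite.heroset", "clean/notes.txt"):
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = inventory(tmp)
        for folder, entry in sorted(found.items()):
            flag = "" if entry["note"] else "  (no ransom note found here)"
            print(f"{folder}: {len(entry['encrypted'])} encrypted file(s){flag}")
        print("Restore from backup:", *restore_list(found), sep="\n  ")
```

Run it read-only against a mounted copy of the affected volume; the resulting list of original file names is what to look for in the backup set.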
Screenshot of a message encouraging users to pay a ransom to decrypt their compromised data:
The number of ransomware-type programs is growing by the day; Poret, Buran and Luboversova148 are just a few other programs of this type. Typically, they are designed to encrypt data and force victims to pay a ransom. The main and most common differences between these malicious programs are the price of decryption (ransom size) and the cryptographic algorithm (symmetric or asymmetric) that is used to lock files. Another thing they have in common is that most of these programs are impossible to 'crack'; in other words, successful decryption can be performed only with the right tools. That is why it is important to have a data backup and to keep it stored on a remote server or an unplugged storage device.
13 Jun, 2019