Ransomware help

[kinofiron257]

Guys I need help, my computer got hit by a ransomware virus and all of my files have been encrypted into this .HETS format. I cannot open my files and I searched all over the internet to find any sort of decryption software. I am in serious help as I cannot afford to lose of my data over the past few years. Any help or any tool regarding to break the decryption would be appreciated! 

[Eigenvektor]

That will not be possible unless the malware doesn't use "proper" encryption and/or a weak password. Neither of which this particular one seems to do: https://howtoremove.guide/hets-virus-file/

[Ben17]

6 minutes ago, kinofiron257 said:

Guys I need help, my computer got hit by a ransomware virus and all of my files have been encrypted into this .HETS format. I cannot open my files and I searched all over the internet to find any sort of decryption software. I am in serious help as I cannot afford to lose of my data over the past few years. Any help or any tool regarding to break the decryption would be appreciated! 

Backup up all the files to another drive also and keep it unplugged from anything 

[Ben17]

https://howtoremove.guide/how-to-decrypt-ransomware/

Might be some use? @kinofiron257

[Eigenvektor]

1 minute ago, Ben17 said:

https://howtoremove.guide/how-to-decrypt-ransomware/

Might be some use? @kinofiron257

The page just has pretty general advice, unfortunately.

 

The other page says "military-grade encryption algorithm" and "private decryption key", which means you're pretty much SOL. Unless the attacker uses the same key for everything or uses a weak algorithm, there isn't much you can do to decrypt it.

[Ben17]

1 minute ago, Eigenvektor said:

The page just has pretty general advice, unfortunately.

 

The other page says "military-grade encryption algorithm" and "private decryption key", which means you're pretty much SOL. Unless the attacker uses the same key for everything or uses a weak algorithm, there isn't much you can do to decrypt it.

I was thinking that but thought I'd add it anyway just in case it's useful at all thanks for the extra info though

[Eigenvektor]

Found some more info:
https://howtofix.guide/hets-decrypt-removal/?cn-reloaded=1

Quote

 

The cryptography algorithm used by Hets is AES-256. So, if your files got encrypted with a specific decryption key, which is totally distinct and there are no other copies. The sad reality is that it is impossible to restore the information without the unique key available.

 

In case if Hets worked in online mode, it is impossible for you to gain access to the AES-256 key. It is stored on a remote server owned by the frauds who distribute the Hets infection.

 

This article also has a decryption tool available, which may or may not work, since apparently the criminals made changes to the malware.

[Mark Kaine]

I wonder why AV didn't pick this up? 

[Roswell]

3 hours ago, Mark Kaine said:

I wonder why AV didn't pick this up? 

Depends on the AV. Only paid solutions really have any semblance of actual malicious encryption detection.