How to decrypt malware (.ehiz)

[Vally]

Hello,

 

My PC has been recently infected with some kind of malware, which instantly encrypted all my files on the PC to a weird .ehiz extension which cannot be opened and left with a note to visit a site and pay to unlock them.

Since I had no control over my PC, randomly restarting, changing wallpapers etc, I went ahead and totally wiped and formatted my drive C to restore it. 

I obviously lost whatever was on C, but I didn't format my second hard drive, just in case I can decrypt those files which are very very very important to me.

So, once I landed on my fresh new installation of windows, they still appear to be "locked" and under the .ehiz extension, which I couldn't get rid of. The question is, can I somehow restore their state and decrypt them?

Thanks for your time and available to any questions!

[tkitch]

Do you know what malware you were infected with?

[Vally]

Just now, tkitch said:

Do you know what malware you were infected with?

I do not know, but I know what site caused it and which download. I know little about malwares and anti-viruses did not help decrypt them either. Hoped Avast could maybe have a decryption tool or something. I uploaded a photo of what my files looked like before the format.

[tkitch]

Unless you know what the virus was you're probably mostly SOL.  There are tools out there to help decrypt some of the viruses, but you need to know what it was.  

 

https://noransom.kaspersky.com/

 

 

[Vally]

4 minutes ago, tkitch said:

Unless you know what the virus was you're probably mostly SOL.  There are tools out there to help decrypt some of the viruses, but you need to know what it was.  

 

https://noransom.kaspersky.com/

 

 

I just uploaded some screenshots in case that seems like a familiar virus or category. Can I also just try all the tools on the website you sent me?

I searched the internet but it doesn't seem to be many information about it.

[tkitch]

3 minutes ago, Vally said:

I just uploaded some screenshots in case that seems like a familiar virus or category. Can I also just try all the tools on the website you sent me?

I searched the internet but it doesn't seem to be many information about it.

IDK if using the wrong tool will hurt or not.  I can't really say.

 

[Vally]

19 minutes ago, tkitch said:

IDK if using the wrong tool will hurt or not.  I can't really say.

 

Well aparently it didn't. Tried all of them and only the last one (Xorist) seems to be "doing" something, like it's scanning all the files. The rest would not even recognize the file type. I'll let you know if it comes out with anything.

[LWM723]

https://www.myantispyware.com/2021/05/25/how-to-remove-ehiz-ransomware-decrypt-ehiz-files/

https://howtoremove.guide/ehiz-virus-file/

https://malwarecleanerpro.com/2021/05/ehiz-ransomware-remove-guide/

And lots more, just do a search. And have BACKUPS from now on.

[Vally]

13 hours ago, LWM723 said:

https://www.myantispyware.com/2021/05/25/how-to-remove-ehiz-ransomware-decrypt-ehiz-files/

https://howtoremove.guide/ehiz-virus-file/

https://malwarecleanerpro.com/2021/05/ehiz-ransomware-remove-guide/

And lots more, just do a search. And have BACKUPS from now on.

Thanks for the help. I did some research although, some of them which you already sent me are way too sketchy to try. They require some weird stuff to download and they are really untrustful. Like look at the second link's video, this guy has bots in his Youtube video to commentt that it worked.

 

Either way, I tried the EMSISOFT Decryptor but it doesn't seem to find any key to decrypt them. Are there any other TRUSTED ways I can try?

[Steven1911]

Hi, Valley
I am Steven from Taiwan, I am the same case like you. Although I tried hard to do an internet research to find out the solution to decrypt my files. But seems no hope. I also pay for the software SpyHunter 5 and check for Guidance Video on Youtube, but not work at all.

I tried to email the hacker, but I am not hope so much that they will forgive me. 

[Steven1911]

I think this is a new type of ransomware, because the Youtube video just upload yesterday, but it is useless. 

[Calypsoll]

hi

i have the same problem got this type of ransomware 2 days ago and i have not found a fix 

[Clairelee]

Me too, just infected by ehiz 7pm yesterday. I tried many method that found on google, but none of them work. I decide to save a copy of all file in my laptop and format my laptop. Hope that future got ppl can decrypt it

[Ahmad Hidayat]

for file recovery download and run this application https://www.myantispyware.com/download/photorec/ but don't expect much for the restoration of all your data. I also just tried to run this application, there are some that can be recovered.

 

 

[MoeNwe]

On 5/27/2021 at 12:43 AM, Steven1911 said:

I think this is a new type of ransomware, because the Youtube video just upload yesterday, but it is useless. 

Yes, it's a new type. I'm also infected... most of my data were encrypted in three days.

[Alan G]

Best source for malware is always Bleeping Computer.  Unfortunately a search for .ehiz ransomware shows that you are probably out of luck for the moment being.