There have been several reports, regarding ‘HELP_DECRYPT’ named files on the users’ desktops that are .png , .url, .txt and there is also an HTML page being reported. These files may be an indicator that there is a CryptoWall 3.0 ransomware on the computer. This type of malware is extremely dangerous for the user since it is believed to use RSA cryptosystem that may vary from 1,024 to 4,096 bit, according to security experts. The ransomware might encrypt important files of the user, demanding financial compensation from the user.
HELP_DECRYPT Files – What are They?
HELP_DECRYPT files may be messages that inform the user that his files were encrypted, demanding different ways to make a payment to cyber-criminals (bitcoin, debit card, etc.) to decrypt them back. However, in some cases the files may stay encrypted after the payment. They are associated with the CryptoWall 3.0 ransomware, that is a variant of the CryptoWall malware (2.0, 1.0). They usually may be deployed after the user has been affected by this ransomware. There are several ways in which a user may become a victim of this malicious software, varying from downloaded executable files on their machine by mistake to opening an email, containing malicious code(targeted attacks).
HELP_DECRYPT.html – You might see this file set as your homepage. However, it may exist in the desktop as well. It shows different addresses on which the victim can contact the attackers for further instructions.
HELP_DECRYPT.png – This file is believed to appear either as a pop-up on the machine, or it may be set as a desktop wallpaper, notifying the user of the encryption. It may include similar instructions to the .html.
HELP_DECRYPT.txt – This text file could have the same instructions as the .html and .png image. However, it may display instructions to enter the web pages for further information. Such instructions may include usage of Firefox-based web browser that does not allow extensions, does not record web browsing history and is anonymous, ensuring cybercriminals safety in a way.
HELP_DECRYPT.url – Unlike the other three, the URL may display more information about the user’s files. Such information might be how much time is left until the ransom amount is doubled, an option to possibly decrypt one file free of charge. It also could include instructions for payments in Bitcoin currency. Cyber-criminals may prefer Bitcoin value, due to its extensive use, difficult to trace back and its rising value.
The HELP-DECRYPT files are a clear indicator that the user’s data may be in danger. It is recommended not to pay the ransom and use other methods to remove the files.
HELP-DECRYPT – How To Restore the Encrypted Files?
If you were affected by the ransomware, (Windows Users), it is a should to follow the steps, provided bellow in order to remove it and enable the Windows file protection feature that will restore your files, to their past state.
1) Download a reputable anti-malware scanner and remove the CryptoWall 3.0 files from the computer.
2) Open Properties by right-clicking on My Computer and then choosing it.
3) Open Advanced System Settings
4) Go to System Protection.
6) Click Configure and then click on Turn On System Protection.
7) Click OK and you are all set
After you have this protection switched on, if something happens to your data, you may be able to restore them, using those steps:
1) Right-Click the encrypted file and then choose Properties.
2) Click the Previous Versions button.
3) At this point, you should see an earlier version of the file with a ‘last modified’ date.
4) Mark the file with the mouse and then choose the down-right button that says Restore.
If your files were previously encrypted, this software might leave some files, such as registry values and others on your system. This is why, recommendations are to download a particular anti-malware program that will ensure your protection and terminate any traces of the malicious software.
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter