03 Aug, 2019


Hese is a high-risk ransomware that encrypts most stored data, thereby making it unusable. Hese comes from the Djvu ransomware family. It appends the “.hese” extension to each filename (hence its name). For instance, “sample.jpg” would be renamed to “sample.jpg.hese”, and so on.

Screenshot of files encrypted by Hese (“.hese” extension):



Hese Ransomware Infection procedure

Encryption is performed using algorithms that generate an individual decryption key for each victim. These are categorized as “online keys”. More importantly, victims cannot access their keys, since all of them are stored on a remote server controlled by Hese’s developers.

Note that Hese is designed to check whether the infected system has an Internet connection and whether the aforementioned server is responding. If at least one of these “tests” comes back negative, Hese encrypts data using a so-called “offline key” (which is hard-coded).


The Ransomware Note

Once encryption is over, Hese generates a text file named “_readme.txt” and drops copies of it in the vast majority of existing folders.

Screenshot of a message encouraging users to pay a ransom to decrypt their compromised data:

The note informs victims about the current situation and states that decryption requires a unique key. The attackers blackmail victims by offering paid recovery. Each decryption key costs $980. However, the crooks offer a 50% discount to victims who contact them within the first 72 hours after the encryption. In addition, victims are allowed to send the crooks one file, which will be restored and sent back. Crooks do this to prove that they are actually capable of decrypting the data and to gain victims’ trust. Unfortunately, ransomware developers ignore victims after they submit payments. For this reason, we highly recommend that you ignore these persons and certainly do not submit any payments.
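To scope an infection from the two artifacts described on this page (the “.hese” extension and the “_readme.txt” note), a read-only triage walk such as the following can be used. This is an added example, not code from the original article; the function names and the sample folder layout are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".hese"    # extension named on this page
NOTE_NAME = "_readme.txt"  # ransom note file name named on this page

def triage(root):
    """Walk root read-only and summarize Hese artifacts found under it."""
    encrypted, notes, intact = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(path)
            elif name.lower() == NOTE_NAME:
                notes.append(path)
            else:
                intact.append(path)
    # "report.docx.hese" -> ".docx": which original file types were hit
    types = Counter(Path(p.name[:-len(ENCRYPTED_EXT)]).suffix.lower() or "(none)"
                    for p in encrypted)
    hit_dirs = {p.parent for p in encrypted}
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "intact": sorted(intact),
        "original_types": dict(types),
        # Folders that hold a note but no .hese files
        "note_only_dirs": sorted({p.parent for p in notes} - hit_dirs),
        # Assumption: oldest mtime of a .hese file approximates encryption start
        "first_seen": min((p.stat().st_mtime for p in encrypted), default=None),
    }

def build_sample_tree(base):
    """Constructed sample data: a tiny fake user profile, not real victim files."""
    layout = {"Documents": ["report.docx.hese", "budget.xlsx.hese", NOTE_NAME],
              "Pictures": ["sample.jpg.hese", NOTE_NAME],
              "Downloads": ["setup.exe", NOTE_NAME]}
    for folder, names in layout.items():
        (Path(base) / folder).mkdir(parents=True)
        for name in names:
            (Path(base) / folder / name).write_bytes(b"constructed sample")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        summary = triage(build_sample_tree(tmp))
        print(len(summary["encrypted"]), "encrypted;", summary["original_types"])
```

The summary separates encrypted files from intact ones, which helps decide what must come from backups and which folders only received a note.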

Hese also displays a fake Windows update pop-up during the encryption:


How does Hese Ransomware infect a computer?

The vast majority of Hese ransomware infections are proliferated using fake software updaters and cracks, trojans, email spam campaigns, and third-party software download sources (freeware download websites, free file hosting sites, Peer-to-Peer [P2P] networks, etc.). Fake updaters typically infect systems in two ways: by abusing bugs/flaws in outdated software, or by simply downloading and installing malware rather than the promised/expected updates. Cracking tools are meant to activate paid software for free. However, most of them are fake and are designed to infect systems rather than give users access to the software’s paid features. Trojans are essentially small, yet extremely dangerous malicious apps that stealthily infiltrate computers, hide deep in the system and inject it with additional malware. Crooks employ spam campaigns to send hundreds of thousands of deceptive emails that contain infectious attachments (links and/or files), along with messages presenting these attachments as important documents (e.g., invoices, bills, receipts, etc.) and encouraging recipients to open them immediately. Unofficial download sources are used in a similar manner. Cyber criminals present malicious executables as legitimate/genuine software, thereby luring users into manually downloading/installing malware. To sum up, the main reasons for computer infections are poor knowledge and reckless behavior.

How to protect yourself from ransomware infections?

The key to computer safety is caution: pay close attention when browsing the Internet and when downloading, installing, and updating software. All received email attachments should be handled with care. Files/links received from suspicious/unrecognizable email addresses should never be opened. The same goes for attachments that are irrelevant/do not concern you. Download programs from official sources and, if possible, using direct download links only. Keeping installed applications up to date is also very important. To achieve this, however, use only the built-in update functions or tools provided by the official developer. Be aware that unofficial download, installation and update tools often include rogue applications, which is why such tools shouldn’t be used. Everyone should know that cracking installed applications is illegal (software piracy is a cyber crime). Additionally, the risk of infection is extremely high, because most cracking tools are fake. Therefore, you should never attempt to activate installed applications with unofficial/illegal tools. Finally, we highly recommend having a reputable anti-virus/anti-spyware suite installed and running. It will help you detect and eliminate malware before it does any harm.

NB: Are you infected by Hese Ransomware?

Our main policy: we operate on a No Data = No Fee basis, or your money back!


Our success rate so far in ransomware data recovery from CryptolockerJava, Arrow, DMA, XTBL, Kyra, Locky, Thor, CryptoMIX, Microsoft Crypto, AletaArena, Nuclear, NM4, Gryphon, BTC, and Zepto (to mention a few!) is 100%.

Submit a new case: http://www.ransomwareexpert.com/os/index.php?a=add
