Hese is a Russian ransomware that comes from the Djvu family. It was discovered by Michael Gillespie.



Hese is distributed through infected email attachments (macros), torrent websites, malicious ads, and unofficial activation and updating tools.


Following successful infiltration, Hese encrypts most stored data, making it unusable. It also appends the ".hese" extension to each filename (hence its name). For instance, "1.jpg" would be renamed to "1.jpg.hese", and so on. Once encryption is finished, Hese generates a text file named "_readme.txt" and drops copies of it in the vast majority of existing folders.

Hese uses a text file to deliver its ransom-demand message. The message informs victims about the current situation and states that decryption requires a unique key.

Text presented in Hese ransomware's text file ("_readme.txt"):

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail:
Reserve e-mail address to contact us:
Your personal ID:

Encryption is performed with algorithms that generate an individual decryption key for each victim. Victims cannot access their keys, because all of them are stored on a remote server controlled by Hese's developers.

These people blackmail victims by offering paid recovery. Each decryption key costs $980. However, the crooks offer a 50% discount to victims who contact them within the first 72 hours after encryption. In addition, victims are allowed to send the crooks one file, which will be restored and sent back.
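
For triage, the two on-disk indicators described above (the ".hese" suffix and the "_readme.txt" note) can be checked across a directory tree. The Python sketch below is an added example, not part of the original page: the function names and the sample tree are constructed for illustration, and the marker phrases are taken from the note text quoted above so that an unrelated file that happens to be named "_readme.txt" is not flagged.

```python
import os
import tempfile
from pathlib import Path

EXT = ".hese"              # extension the page says is appended to each file
NOTE_NAME = "_readme.txt"  # ransom note file name given on the page
# Phrases quoted from the note text on the page, used to confirm a note.
NOTE_MARKERS = ("Your personal ID:", "Price of private key and decrypt software")

def is_hese_note(path):
    """True when the file contains every marker phrase from the note."""
    try:
        text = Path(path).read_text(encoding="utf-8", errors="replace")
    except OSError:
        return False  # unreadable file: cannot confirm
    return all(marker in text for marker in NOTE_MARKERS)

def original_name(name):
    """Drop the appended extension to recover the pre-encryption name."""
    return name[: -len(EXT)] if name.lower().endswith(EXT) else name

def scan(root):
    """Map each affected directory to its .hese files and note status."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if f.lower().endswith(EXT))
        note = any(f.lower() == NOTE_NAME and is_hese_note(os.path.join(dirpath, f))
                   for f in files)
        if encrypted or note:
            findings[os.path.relpath(dirpath, root)] = {"encrypted": encrypted, "note": note}
    return findings

def build_sample_tree(root):
    """Constructed sample data: one affected folder and one clean folder."""
    hit, clean = Path(root, "photos"), Path(root, "project")
    hit.mkdir()
    clean.mkdir()
    (hit / "1.jpg.hese").write_bytes(b"\x00" * 16)
    (hit / NOTE_NAME).write_text("Price of private key and decrypt software is $980.\n"
                                 "Your personal ID:\n")
    (clean / "notes.doc").write_text("untouched")
    (clean / NOTE_NAME).write_text("Build instructions for this project.\n")  # benign
    return root

def demo():
    """Scan the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan(build_sample_tree(tmp))

if __name__ == "__main__":
    print(demo())
```

The per-directory listing gives responders the scope of affected folders and, through `original_name`, the list of files to look for in backups.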
