This is a quick analysis of the in development infection called Heropoint Ransomware. This article will contain technical information related to how it infects a computer, how it is distributed, and whether it can be decrypted.

Heropoint Ransomware Summary

The Heropoint Ransomware is currently in development and at this point does not actually encrypt any files and just displays the following lock screen.

Heropoint Ransomware Lock Screen

 It does, though, contain a XOR routine, which is used to encrypt the files, but is overloaded by a function of the same name that returns a NotImplementedException. This causes the ransomware to skip the encryption of any files.

XOR Functions
XOR Functions

If it was to encrypt files, it would be currently targeting files that contain the following extensions:

.txt, .png, .ico, .mp3, .exe, .jpg, .pptx, .xlsx, .htlm, and .mp4 

When encrypting a file it would then append a random numeric extension to the filename.

Heropoint Ransomware Settings
Heropoint Ransomware Settings

Method of Distribution

As this ransomware is currently in development, it is not being distributed at this time.

Can Heropoint Ransomware be decrypted?

As this ransomware is current in development, it is unknown if the final version will be decryptable. 

How to protect yourself from Heropoint Ransomware

In order to protect yourself from the Heropoint Ransomware you should use standard security practices. This includes using good computing habits and security software. First and foremost, you should always have a reliable and tested backup of your data that can be restored in the case of an emergency, such as a ransomware attack.