This is a quick analysis of the in-development infection called Heropoint Ransomware. This article contains technical information on how it infects a computer, how it is distributed, and whether it can be decrypted.
Heropoint Ransomware Summary
The Heropoint Ransomware is currently in development. At this point it does not actually encrypt any files and just displays a lock screen.
It does, though, contain an XOR routine, which is used to encrypt the files, but it is overloaded by a function of the same name that returns a NotImplementedException. This causes the ransomware to skip the encryption of any files.
If it were to encrypt files, it would currently target files with the following extensions:
.txt, .png, .ico, .mp3, .exe, .jpg, .pptx, .xlsx, .htlm, and .mp4
When encrypting a file, it would then append a random numeric extension to the filename.
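The renaming pattern described above (a targeted extension followed by a random numeric extension) can be hunted for in a file listing. The following Python is an added example, not code from the ransomware or from the original analysis; the all-digit suffix rule, the per-directory threshold, the function names and the sample paths are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Extensions the article lists as targets (".htlm" is kept exactly as listed).
TARGETED = {".txt", ".png", ".ico", ".mp3", ".exe", ".jpg",
            ".pptx", ".xlsx", ".htlm", ".mp4"}
# Assumption: "random numeric extension" means an all-digit final suffix.
NUMERIC_SUFFIX = re.compile(r"\.\d+")


def is_suspect(path: str) -> bool:
    """True if the file name looks like <name>.<targeted ext>.<digits>."""
    suffixes = PureWindowsPath(path).suffixes
    if len(suffixes) < 2:
        return False
    return (NUMERIC_SUFFIX.fullmatch(suffixes[-1]) is not None
            and suffixes[-2].lower() in TARGETED)


def flag_directories(paths, threshold=3):
    """Return {directory: [suspect names]} for directories with at least
    `threshold` suspects; the threshold filters one-off matches such as
    rotated files (an assumed tuning value, not from the article)."""
    hits = defaultdict(list)
    for p in paths:
        if is_suspect(p):
            wp = PureWindowsPath(p)
            hits[str(wp.parent)].append(wp.name)
    return {d: sorted(n) for d, n in hits.items() if len(n) >= threshold}


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\report.txt.48213",
    r"C:\Users\alice\Documents\budget.xlsx.90317",
    r"C:\Users\alice\Documents\photo.JPG.5521",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Documents\archive.7z.001",  # numeric suffix, untargeted type
    r"C:\Logs\app.txt.1",                        # lone match, below threshold
    r"C:\Users\alice\Music\song.mp3",
]

if __name__ == "__main__":
    for directory, names in flag_directories(SAMPLE).items():
        print(directory, names)
```
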
Method of Distribution
As this ransomware is currently in development, it is not being distributed at this time.
Can Heropoint Ransomware be decrypted?
As this ransomware is currently in development, it is unknown if the final version will be decryptable.
How to protect yourself from Heropoint Ransomware
In order to protect yourself from the Heropoint Ransomware you should use standard security practices. This includes using good computing habits and security software. First and foremost, you should always have a reliable and tested backup of your data that can be restored in the case of an emergency, such as a ransomware attack.