Developers of Heropoint is working on a new ransomware project

Heropoint is ransomware virus that is still in development. Currently, it does not encrypt files. The only thing it does on the affected system is locks computer’s screen. The lock screen message asks to pay $20 in order to get a password and get access to the computer.
The lock screen message also contains a contact email address heropointyt@gmail.com. It seems that victims are supposed to send an email to authors of Heropoint ransomware in order to learn how to pay the ransom. The full text of the ransom note:
WHAT HAPPENED ?
Your precious files have been encrypted
from my virus
HOW DO I ADJUST THIS?
Pay 20$ in bitcoin to get password
WHAT DO NOT HAVE TO DO?
Open the task manager
Open the cmd (command prompt)
Open Regedit and sethc…..
Run pc in Safe Mode
Delete rigestries from msconfig
WHAT DOES IT HAPPEN IF I DO NOT PAY?
Well …. to files, photos, texts, word / powerpoint projects you can say goodbye …
Additionally, Heropoint virus might use XOR[1] cryptography to encrypt data as well. According to the latest research data, it is designed to target .txt, .png, .ico, .mp3, .exe, .jpg, .pptx, .xlsx, .htlm, and .mp4 file extensions. However, a specific file extension that might be added to encrypted data is unknown yet.
If your computer gets infected with this crypto-virus, you should get rid of it immediately. Malware might be updated soon and become a dangerous cyber threat. Thus, it might make critical system changes or open backdoor to other malware. Hence, Heropoint removal is needed to keep your PC safe to use.
In order to remove Heropoint without causing more damage, you have to scan the system with FortectIntego or another malware removal software. Please, do not try to locate and delete ransomware-related components manually. It may lead to irreparable damage to the system.

Ways to prevent ransomware attack
Developers of Heropoint haven’t started distributing the virus actively. However, the situation might change at any minute. Thus, you should be prepared for another malware attack.
- Do not open unknown emails and stay away from their attachments. Malspam[2] is the main ransomware distribution method which relies on social engineering. Criminals might give numerous convincing reasons to click on an infected attachment and download malware payload.
- Do not download illegal content. Illegal movies, music, books or other files might contain malicious components. However, the biggest dangers hide in cracked programs. Thus, always download software from official developers sites.
- Stay away from pop up software update alerts. Malvertising is one of the most popular malware distribution methods. Usually, criminals include malicious content in ads that warn about outdated Flash or similar programs. Do not forget that legit software updates are not delivered in the ads on random websites.
- Install all available updates. A cyber security team from NoVirus.uk[3] remind that the biggest ransomware attacks in 2017 were held by exploiting system vulnerabilities. Thus, installing all available updates helps to minimize the risk of cyber attack.
- Install powerful antivirus that offers real-time protection.
Removal of the Heropoint ransomware virus
If this ransomware starts spreading and gets inside your PC, you should get rid of it immediately. The correct way to remove Heropoint, as well as other malware, is to employ reputable malware removal software. However, you may need to bypass the lock screen message first.
Below you can find manual Heropoint removal guide which allows bypassing the lock screen and disabling the virus. Once it’s done, you have to install security software and run a full system scan with an updated tool. For the elimination, we suggest using either FortectIntego or MalwarebytesMalwarebytes.
Was this guide helpful?
Be the first to comment