Hlas ransomware is file-encrypting malware from the Djvu/STOP ransomware family. The ransomware operators release new versions on a regular basis, and each version can be identified by the extension it appends to the names of encrypted files. This one adds .hlas, which is why it's known as Hlas ransomware.

Hlas ransomware belongs to the Djvu malware family, which is operated by a cybercriminal group that releases new ransomware versions regularly. The versions can be identified by the extensions they add to encrypted files. This particular malware adds .hlas, which means an encrypted 1.txt file would become 1.txt.hlas.

The ransomware will target all personal files, including photos, pictures, videos, documents, etc. Encrypted files will be completely unopenable unless you first decrypt them. However, acquiring the decryptor is difficult because the only ones who have it are the cybercriminals operating this malware.

When the ransomware has finished encrypting files, you will find a _readme.txt ransom note in folders that contain encrypted files. The note explains that to get the decryptor, you need to buy it. The regular price is $999 but a 50% discount will supposedly be given to users who contact the cybercriminals within the first 72 hours. The cybercriminals also promise to decrypt one file for free as long as it does not contain any important information.

Here is the full _readme.txt ransom note:

ATTENTION!

Don’t worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
Do not ask assistants from youtube and recovery data sites for help in recovering your data.
They can use your free decryption quota and scam you.
Our contact is emails in this text document only.
You can get and look video overview decrypt tool.
Price of private key and decrypt software is $999.
Discount 50% available if you contact us first 72 hours, that’s price for you is $499.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshingmail.top

Reserve e-mail address to contact us:
datarestorehelpyou@airmail.cc

Your personal ID:

For users with no backups, paying the ransom may seem like a good idea. However, paying or even engaging with cybercriminals is never recommended. Users should keep in mind that ransomware is operated by cybercriminals, which means they are unlikely to feel an obligation to help victims. Unfortunately, there have been many ransomware victims who bought a decryptor but did not receive one. The decision of whether to pay the ransom is yours, but you should be aware of the risks.

If you have a backup of your files, you can start recovering files as soon as you remove Hlas ransomware from your computer. It’s strongly recommended to use an anti-malware program to delete Hlas ransomware because it’s a complex infection that requires a professional program to get rid of.

If backup is not an option for you, back up the encrypted files and wait for a free Hlas ransomware decryptor to be released. If it does get released, it will be available on NoMoreRansom.
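The following is an added example, not part of the original article: a Python sketch that inventories files carrying the .hlas extension and the _readme.txt notes, then copies them to a separate location with the folder layout intact so they can be kept until a decryptor is released. The function names and the sample tree in `demo()` are constructed for illustration.

```python
import shutil
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".hlas"    # extension named on this page
NOTE_NAME = "_readme.txt"  # ransom note file name named on this page

def inventory(root):
    """Return (encrypted files, ransom notes) found under root, both sorted."""
    encrypted, notes = [], []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        name = path.name.lower()
        if name.endswith(ENCRYPTED_EXT):
            encrypted.append(path)
        elif name == NOTE_NAME:
            notes.append(path)
    return sorted(encrypted), sorted(notes)

def original_name(path):
    """1.txt.hlas -> 1.txt, the name the file had before encryption."""
    return path.name[: -len(ENCRYPTED_EXT)]

def preserve(root, dest):
    """Copy encrypted files and notes to dest, keeping the folder layout."""
    root, dest = Path(root), Path(dest)
    encrypted, notes = inventory(root)
    for src in encrypted + notes:
        target = dest / src.relative_to(root)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)  # copy only; nothing under root is changed
    return len(encrypted) + len(notes)

def demo():
    """Run both steps on a constructed sample tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root, dest = Path(tmp, "Documents"), Path(tmp, "backup")
        (root / "photos").mkdir(parents=True)
        (root / "1.txt.hlas").write_bytes(b"constructed ciphertext")
        (root / "photos" / "a.jpg.hlas").write_bytes(b"constructed ciphertext")
        (root / "photos" / "_readme.txt").write_text("constructed note")
        (root / "notes.md").write_text("untouched")
        encrypted, notes = inventory(root)
        copied = preserve(root, dest)
        return [original_name(p) for p in encrypted], len(notes), copied
```

Point `dest` at storage outside `root`, ideally an external drive that is disconnected afterwards, and run it only after the ransomware itself has been removed.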

How did ransomware enter my computer?

There are several different ways malicious actors spread ransomware, including email attachments and torrents. Users with bad browsing habits are considerably more likely to infect their computers with malware. An effective way of avoiding malware is developing better online habits and familiarizing oneself with the most common malware distribution methods.

Malicious files often come attached to emails, and when users open those files, the computers become infected. These emails are usually part of a massive malspam campaign and target a large number of users at the same time with the same email. Because the emails are so generic, they are often easy to identify as malicious.

Malicious senders often make their emails resemble order confirmations and parcel delivery notifications. Senders can claim that the attached files are important documents that need to be urgently reviewed, which pressures users into opening the files without double-checking. If users open those files, their computers become infected. However, one thing that often gives these emails away is grammar and spelling mistakes. Malware-carrying emails are often full of mistakes, which you would never see in emails sent by legitimate companies.

Another thing that often gives away malicious emails is their generic greetings. When companies send emails to customers, they use users’ names to address them to make the email more personal. However, malicious emails use words like User, Member, Customer, etc., instead of using users’ names. Malicious actors rarely have access to more personal information besides an email address so they are forced to use generic words.

Some malicious emails can be more sophisticated, particularly when they target specific people/companies. Such an email would have no mistakes, and have information that would make the email seem more credible. It’s always a good idea to scan all unsolicited email attachments with anti-virus software or VirusTotal before opening them for this reason.

Malware is also often found in torrents, especially in ones for entertainment content like movies, TV series, video games, etc. Torrent sites are often poorly moderated, so malware is common. Pirating content using torrents is not only content theft, it is also dangerous for users' computers and data.

How to delete Hlas ransomware

Whether you have a backup or not, you still need to remove Hlas ransomware from your computer. It’s strongly recommended to use an anti-virus program because ransomware is a complex infection. If you have a backup, you can access it as soon as you fully delete Hlas ransomware.

Hlas ransomware is detected as:

  • A Variant Of Win32/Kryptik.HXVE by ESET
  • HEUR:Trojan-Ransom.Win32.Stop.gen by Kaspersky
  • Trojan.MalPack.GS by Malwarebytes
  • Trojan:Win32/GCleaner.ARR!MTB by Microsoft

Site Disclaimer

2-remove-virus.com is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.

The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the article will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.
