Heimdall is a new type of ransomware that is currently becoming more prevalent.
History
On May 22nd, 2017, Michael Gillespie discovered Heimdall Ransomware. Heimdall is a ransomware-as-a-service (RaaS) that is currently being distributed through various affiliate programs. Heimdall uses the EDA2 open source project for its encryption routine, which is why it is sometimes also referred to as EDA2 ransomware.
How does Heimdall work?
When this ransomware is executed, it will check to see if the computer is connected to the Internet. If an Internet connection is present, Heimdall will contact its Command & Control (C&C) server and send information about the infected computer. After generating a unique ID for the computer, Heimdall will create an RSA-2048 public/private key pair. Heimdall will use the public key to encrypt a file called “HELP_DECRYPT.txt”, which contains information on how to contact Heimdall’s developers for payment instructions. Heimdall will then scan the computer’s hard drive for certain file types and encrypt them using the AES-256 encryption algorithm. The AES-256 encrypted files will have the “.heimdall” extension appended to them.
What types of files does Heimdall Ransomware encrypt?
Heimdall Ransomware will search for and encrypt over 500 different types of files. The file extensions that Heimdall targets include:
.3fr, .accdb, .ai, .arw, .bay, .cdr, .cer, .cr2, .crt, .crw, .dbf, .dcr, .der, .dfx, .dng, .doc, .docm, .docx, .erf, .indd, .jpe, .jpg, .kdc, .mdb, .mdf, .mef, .mkv, .mos, .mov, .mp3, .mp4, .mpeg, .mpg, .mrw, .nef, .nrw, .odb, .odc, .odm, .odp, .ods, .odt, .orf, .p12, .p7b, .p7c, .pdd, .pef, .pem, .pfx, .ppt, .pptm, .pptx, .PSD, .pst, .qbb, .qbm, .qbr, .qbw, .qbx, .qby, .qfx, .qwc, .raf, .rar, .raw, .rtf, .rw2, .rwl, .sr2, .srf, .srw, .wb2, .wpd, .wps, .xlk, .xls, .xlsm, .xlsx.
This ransomware will also encrypt files on any connected network drives.
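To scope how far an infection has spread across local and mapped network drives, the two indicators described above (the appended ".heimdall" extension and the HELP_DECRYPT.txt file) can be searched for directly. The following Python script is an added example, not part of the original article or any vendor tool; the function names are hypothetical and the matching is case-insensitive by assumption.

```python
import os
from collections import Counter

ENCRYPTED_SUFFIX = ".heimdall"    # extension the article says is appended
RANSOM_NOTE = "help_decrypt.txt"  # file name from the article, lowercased

def scan_tree(root):
    """Walk root and return (encrypted_files, ransom_notes) as path lists."""
    encrypted, notes = [], []
    # onerror swallows unreadable directories so one ACL error does not stop the scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            # require something before the suffix: "x.docx.heimdall", not ".heimdall"
            if lower.endswith(ENCRYPTED_SUFFIX) and len(lower) > len(ENCRYPTED_SUFFIX):
                encrypted.append(path)
            elif lower == RANSOM_NOTE:
                notes.append(path)
    return encrypted, notes

def original_extension(path):
    """Extension the file had before the suffix was appended ('' if none)."""
    stem = os.path.basename(path)[: -len(ENCRYPTED_SUFFIX)]
    return os.path.splitext(stem)[1].lower()

def summarize(root):
    """Scope an incident: counts per original file type and per directory."""
    encrypted, notes = scan_tree(root)
    return {
        "encrypted_count": len(encrypted),
        "by_extension": Counter(original_extension(p) for p in encrypted),
        "by_directory": Counter(os.path.dirname(p) for p in encrypted),
        "ransom_notes": sorted(notes),
    }

if __name__ == "__main__":
    import sys
    report = summarize(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{report['encrypted_count']} files end in {ENCRYPTED_SUFFIX}")
    for ext, n in report["by_extension"].most_common():
        print(f"  {ext or '(no extension)'}: {n}")
    for d, n in report["by_directory"].most_common(10):
        print(f"  {n:5d}  {d}")
    for note in report["ransom_notes"]:
        print(f"  ransom note: {note}")
```

Run it against each drive or share root in turn; the per-directory counts show which backups need to be restored first.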
How much does Heimdall Ransomware cost?
The Heimdall developers currently charge between 0.5 and 1 Bitcoin (approximately USD 1,000 to 2,000) for the Heimdall decryption key. Heimdall’s developers have stated that they will give a discount to victims who contact them within 72 hours of the Heimdall Ransomware infection.
Heimdall developers also offer a “free” decryptor that will decrypt three files for free. However, this “free” decryptor is only meant to show victims that Heimdall Ransomware is working and that Heimdall does indeed have the decryption key.
Protection
You can protect yourself from Heimdall and other ransomware infections by using a reliable anti-malware program and keeping your operating system and software up to date. You should also back up your important files regularly to minimize the risk of data loss in the event of a ransomware infection.
How to remove Heimdall Ransomware?
You can remove Heimdall Ransomware with a reputable anti-malware program. We recommend using Malwarebytes Anti-Malware, as it can detect and remove Heimdall and other types of malware from your computer. Once Heimdall has been removed, you can use a file recovery program to restore your encrypted files.
Is there a public decryption tool?
No, there is no public decryption tool for Heimdall Ransomware at this time.
You can only decrypt your files with the Heimdall decryption key, which is only available from Heimdall’s developers.
We do not recommend paying the ransom, as there is no guarantee that Heimdall’s developers will provide you with the decryption key. Additionally, paying the ransom will only encourage Heimdall’s developers to continue their malicious activities.
Use recovery software
We built SalvageData data recovery software to help you.
Contact a data recovery service
If you cannot remove Heimdall ransomware or access your files, you can try to restore them using a data recovery service.
Our Heimdall ransomware removal and file recovery services are designed to help you get your files back. We have a team of highly trained security experts who will work with you to get your files back. Contact us today for a free consultation.