What is DeathHiddenTear Ransomware
DeathHiddenTear Ransomware is a file-encryption virus discovered by Michael Gillespie. Being classified as ransomware, it ciphers the entire data (e.g. images, videos, text files, etc.) that is stored on PC or other external devices like flashcards connected to your computer. Ransomware is designed to demand a ransom that needs to be paid to retrieve your files. Alike other ransomware, DeathHiddenTear assigns .encryptedS (for small files) and .encryptedL (to big files) extensions. Most recent variations utilize .enc suffix. To illustrate, after encryption, 1.mp4 will be transformed into 1.mp4.encryptedS and restricts you from opening these files. After that, the program will drop a text file (Decrypt Instructions.txt) onto your desktop which contains the information about the locked data.
All of your files are encrypted, to decrypt them write us to email: AllZData@cock.li (jakejake1234@cock.li, Datauser17234@protonmail.ch)
187,15,28,244,249,77,21,50,58,239,19,98,217,252,245,41,144,76,92,172,94,107,219,158,195,132,13,151,57,147,72,99,82,58,125,154,230,223,31,147,10,1***
Extortionists state that you should write to their e-mail to get a unique decryption key. Luckily, DeathHiddenTear is decryptable and does not require contacting cybercriminals, instead, you can ignore them and use free file-decryption software developed by Michael Gillespie. To prevent further encryptions, you should remove DeathHiddenTear Ransomware from your computer.
How DeathHiddenTear Ransomware infected your computer
Ransomware-type programs are known to be distributed via trojans, fake updaters, executable scripts, e-mail spam, fake activation tools, botnets, keyloggers, and other dubious channels. The most popular is via fake e-mail campaigns that contain malicious attachments designed to infect vulnerable systems. The received messages are typically marked as “official” or “legitimate” which is a trick to fool inexperienced users. Opening unknown files or links from suspicious senders may be dangerous and can result in various infiltrations like ransomware. Another highly-abused method is via trojans. Trojans are also bundled into e-mails and are meant to cause so-called chain infections. Other distribution channels like fake software cracking tools also contribute to the game. Since most users are seeking to bypass licensed software, they can accidentally stumble upon an infected activation tool that contains different kinds of infections like ransomware. This is why you should download software only from trusted and official resources. If your files were encrypted by DeathHiddenTear Ransomware, then you can follow free guide removal in the section below.
- Download DeathHiddenTear Ransomware Removal Tool
- Get decryption tool for .encryptedS, .encryptedL or .enc files
- Recover encrypted files with Stellar Data Recovery Professional
- Restore encrypted files with Windows Previous Versions
- Restore files with Shadow Explorer
- How to protect from threats like DeathHiddenTear Ransomware
Download Removal Tool
To remove DeathHiddenTear Ransomware completely, we recommend you to use Norton Antivirus from Symantec. It detects and removes all files, folders and registry keys of DeathHiddenTear Ransomware and prevents future infections by similar viruses.
Alternative Removal Tool
To remove DeathHiddenTear Ransomware completely, we recommend you to use WiperSoft Antispyware. It detects and removes all files, folders and registry keys of DeathHiddenTear Ransomware. WiperSoft Antispyware offers free scan and 7-days limited trial.
DeathHiddenTear Ransomware files:
ssvchost.exe
Decrypt Instructions.txt
{randomfilename}.exe
DeathHiddenTear Ransomware registry keys:
no information
How to decrypt and restore .encryptedS, .encryptedL or .enc files
Use automated decryptors
Download Kaspersky RakhniDecryptor
Use following tool from Kaspersky called Rakhni Decryptor, that can decrypt .encryptedS, .encryptedL or .enc files. Download it here:
There is no purpose to pay the ransom because there is no guarantee you will receive the key, but you will put your bank credentials at risk.
Dr.Web Rescue Pack
Famous antivirus vendor Dr. Web provides free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in the decryption of .encryptedS, .encryptedL or .enc files by uploading samples to Dr. Web Ransomware Decryption Service. Analyzing of files will be performed free of charge and if files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.
If you are infected with DeathHiddenTear Ransomware and removed it from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:
Use Stellar Data Recovery Professional to restore .encryptedS, .encryptedL or .enc files
- Download Stellar Data Recovery Professional.
- Click Recover Data button.
- Select type of files you want to restore and click Next button.
- Choose location where you would like to restore files from and click Scan button.
- Preview found files, choose ones you will restore and click Recover.
Using Windows Previous Versions option:
- Right-click on infected file and choose Properties.
- Select Previous Versions tab.
- Choose particular version of the file and click Copy.
- To restore the selected file and replace the existing one, click on the Restore button.
- In case there is no items in the list choose alternative method.
Using Shadow Explorer:
- Download Shadow Explorer program.
- Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
- Select the drive and date that you want to restore from.
- Right-click on a folder name and select Export.
- In case there are no other dates in the list, choose alternative method.
If you are using Dropbox:
- Login to the DropBox website and go to the folder that contains encrypted files.
- Right-click on the encrypted file and select Previous Versions.
- Select the version of the file you wish to restore and click on the Restore button.
How to protect computer from viruses, like DeathHiddenTear Ransomware, in future
1. Get special anti-ransomware software
Use ZoneAlarm Anti-Ransomware
Famous antivirus brand ZoneAlarm by Check Point released a comprehensive tool, that will help you with active anti-ransomware protection, as an additional shield to your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, file protection that detects and blocks even unknown encryptors.
2. Back up your files
As an additional way to save your files, we recommend online backup. Local storages, such as hard drives, SSDs, flash drives or remote network storages can be instantly infected by the virus once plugged in or connected to. DeathHiddenTear Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most profitable terms and simple interface. You can read more about iDrive cloud backup and storage here.
3. Do not open spam e-mails and protect your mailbox
Malicious attachments to spam or phishing e-mails is most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications, and provides very high level of anti-spam protection.