Hets Ransomware Removal Guide

Do you know what Hets Ransomware is?

Hets Ransomware encrypts personal files and adds the “.hets” extension to their names. Even though this extension can be removed, there is no point in doing that. The most important thing in recovering the files is decrypting the data, and that is a much more complicated process. In fact, the vast majority of file-encrypting ransomware threats remain undecryptable. Hets is a variant of the infamous STOP Ransomware, just like Kodc Ransomware, Leto Ransomware, Mosk Ransomware, and hundreds of other infections. Due to the sheer volume of identical threats, malware researchers were able to put in the time to crack the encryptor. Unfortunately, not all variants are decryptable, and STOP Decryptor also only restores files that were encrypted with an offline key. Whether or not you manage to get your files restored, you must remove Hets Ransomware.

It is important to discuss the distribution of Hets Ransomware because this might reveal the location of the threat and also your actions that might have led to a successful attack. Were your files encrypted soon after you opened a spam email attachment or downloaded a new file/program from an unreliable site? If that has happened, make sure you stay away from spam emails and unreliable downloaders in the future. If you have no idea how this malware got in, there is a good chance that other threats exist or that you have left your system or certain applications (e.g., web browsers) unpatched and vulnerable. Hopefully, you can pinpoint the moment Hets Ransomware got in, and you are able to find the .exe file that launched it because that will make it easier for you to perform manual removal. Hopefully, after you delete the infection, you can successfully use a free decryptor or replace the corrupted files using backup copies stored outside the infected computer.Hets Ransomware Removal GuideHets Ransomware screenshot
Scroll down for full removal instructions

If you cannot find a decryptor, if it does not work for you, or if you do not have backups, the attackers behind Hets Ransomware might have an easier time convincing you to do something really risky. After your files are encrypted, the infection uses a file named “_readme.txt” to inform you that they can provide you with a decryption tool and a unique key that, allegedly, could help you restore files. The price of the decryptor is $490, and you are supposed to contact the attackers by sending them an email to datarestorehelp@firemail.cc or datahelp@iran.ir to receive information about the payment method. Do you have a guarantee that you would receive a decryptor after paying the ransom? Even though the attackers can decrypt one file for free, this is no guarantee that you would receive a decryptor. This is why we do NOT advise contacting the attackers or paying the ransom. Whether or not you can replace or decrypt files, you need to focus on deleting Hets Ransomware.

There are a few components that belong to Hets Ransomware, but the most important one is the .exe launcher file. Where this file is and what its name is, we cannot know, which is why we cannot give you exact instructions on how to delete it. However, if you can find it, you should have no trouble erasing it just like any other unwanted executable. Of course, manual removal is not an ideal option. It is much better to install anti-malware software that can automatically delete Hets Ransomware, check for other potential threats, and also secure your system to keep other threats away. If you have not installed reliable anti-malware software yet, this is the perfect time to do it.

Remove Hets Ransomware

  1. Delete recently downloaded files to, hopefully, eliminate the launcher.
  2. Tap Win+E keys simultaneously to launch Windows Explorer.
  3. Enter %HOMEDRIVE% into the field at the top and Delete the file named _readme.txt.
  4. Also, Delete the folder named SystemID with the PersonalID.txt file inside.
  5. Enter %LOCALAPPDATA% into the field at the top and Delete the [random name] folder.
  6. Exit Windows Explorer and then Empty Recycle Bin.
  7. Install a legitimate malware scanner and employ it to perform a thorough system scan.

In non-techie terms:

Hets Ransomware encrypts files and then demands victims to pay a ransom in return for a tool that, allegedly, would restore all files. Can cybercriminals be trusted? Of course, they cannot, which is why we do not recommend contacting them or paying a ransom in return for some random decryptor. We hope that you can employ a free STOP Decryptor to restore your files or replace the encrypted files using backup copies. If these are valid options in your case, you should delete Hets Ransomware first because you do not want the infection to continue threatening the security of your files for any longer. Even if you can delete the threat manually, we strongly recommend taking advantage of legitimate anti-malware software because it will scan for threats, remove malware, and secure your system automatically.