Geek's Advice

HE-HELP ransomware is designed to target employees of business organisations to extort money

HE-HELP ransomware (alternative name: Normanzak ransomware) is a file-encrypting virus that is targeting employees of business companies to encrypt important data. It uses AES and RSA cryptographic algorithms to lock the most valuable files and then demands a ransom to decrypt them. Once infected, employees receive a READ_ME_.txt ransom note that explains how to decrypt data marked with .HE and .HE._LP file extensions. Attackers demand the company’s CEOs to contact them via normanzak@protonmail.com and normanzak@airmail.cc e-mail addresses for payment details.

This particular cyber threat has been spotted spreading in the second half of June 2020 via malicious spam e-mails. Victims whose computers are infected are provided with the message from cybercriminals. It states that all information that is stored on the device is encrypted and the executive of the company should pay an unspecified amount of money to decrypt it. Attackers ask to send 3 small encoded files via e-mail and include the company name in the subject field.

As a result, the crooks promise to respond with decrypted files as proof that they have HE-HELP decryptor and indicate the amount of the ransom that must be paid for it. Furthermore, they suggest to contact them within the first 24 hours of the infection in order to get the so-called best price. Otherwise, they claim to publish the confidential files of the company if the CEO does not comply with the demands. This technique helps to intimidate people and ensure that they are more willing to pay the ransom.

Reasons not to pay up

Even though the decryption key for HE-HELP virus is a unique tool that cannot be reproduced, we do not recommend trying to get in contact with the attackers under any circumstances. Ransomware-type infections are highly dangerous. Yet, many companies store backup copies of their data that can be used to restore encrypted files without paying enormous amounts of money to the attackers. This is a far more reliable method to get back locked information than collaborating with the crooks.

Although, you should first start HE-HELP removal before performing any other actions or trying to restore affected files. The only safe way to get rid of the infection is to either get professional in-person help or install a strong malware removal software that could manage to uninstall all ransomware-related components and clean your system. Our experts advise using RESTORO for file-encrypting virus elimination.

Note that you must remove HE-HELP ransomware virus as quickly as possible. Many computers within the company are connected to an intranet that could lead to a quick spread of the file-encrypting virus on all systems within the business organization. In this case, virus elimination would be a more complicated process with even more damaging consequences than it already is. Thus, do not hesitate and run a full system scan with a reputable antivirus immediately.

Quick Summary

Name	HE-HELP ransomware, also known as Normanzak ransomware
Type	File-encrypting virus, Cryptomalware
Targets	Employees within business units
Extension	.HE and .HE._LP
Ransom Note	READ_ME_.txt
Amount of the ransom	Not specified at first; Provided after contacting the attackers
Contact e-mails	normanzak@protonmail.com; normanzak@airmail.cc
Spread	Infiltrates the system via malicious spam e-mails
Decryption	This very new ransomware does not have a valid decryption software yet; You can restore files from the latest backup copy
Removal	You should uninstall this cyber threat as quickly as possible to stop the spread through the company network. For that, run an entire system scan with RESTORO

Ways to identify ransomware infiltration attempts through spam

Most file-encrypting viruses like HE-HELP virus or DHARMA try to infiltrate the system via malicious spam e-mails that are sent to an uncountable number of different accounts. Usually, it contains a link to the ransomware distribution source that triggers an immediate installation. Those who fail to identify malware infiltration attempts end up with locked data. Although, there are a few simple steps to follow if you want to spot an attempt to infect your computer.

Developers of malicious programs try to benefit from people living a hectic lifestyle that are usually in a hurry. They create e-mails that resemble messages from popular companies or social media apps that encourage them to visit the attached link. Note that you should open electronic letters only from the people you know. Always check the e-mail address and try to look for misspells or other errors if it includes a company name.

Furthermore, e-mails with HE-HELP ransomware might look like legitimate messages but they do not only often include grammar mistakes but also end up in the junk or spam box. We advise our readers to never open such letters and delete them right away. Otherwise, you risk infecting your computer with dangerous ransomware or other malicious cyber threat.

Keep in mind that some file-encrypting viruses might hide as suspicious links on various unverified websites. Therefore, you should refrain from visiting dubious pages and especially downloading content from them. This way, you will reduce the chances of crypto-malware infiltration on your system. For double security get an antivirus running on your computer at all times.

Uninstall HE-HELP ransomware virus from your PC

Ransomware viruses require users to either get help from tech experts in-person or install a top-notch malware removal software to clean their systems. The majority of file-encrypting viruses even block access to such tools. Thus, you should boot your system into safe mode if you want to start HE-HELP removal from your PC. This action will help to decontaminate the infection and start the elimination procedure.

Once you run a full system scan with a reputable malware removal tool and remove HE-HELP ransomware virus from your system, we suggest scanning with RESTORO to repair virus damage caused by the ransomware. Then, you can head to data recovery. The safest way to get back the lost files is to use the latest backup copy from the Cloud. Do not install dubious third-party decryptors as they might appear to be malware and damage your system even worse.

OUR GEEKS RECOMMEND

Our team recommends a two-step rescue plan to remove ransomware and other remaining malware from your computer, plus repair caused virus damage to the system:

GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more.

Alternative software recommendations

Malwarebytes Anti-Malware

Removing spyware and malware is one step towards cybersecurity. To protect yourself against ever-evolving threats, we strongly recommend purchasing a Premium version of Malwarebytes Anti-Malware, which provides security based on artificial intelligence and machine learning. Includes ransomware protection. See pricing options and protect yourself now.

System Mechanic Ultimate Defense

If you're looking for an all-in-one system maintenance suite that has 7 core components providing powerful real-time protection, on-demand malware removal, system optimization, data recovery, password manager, online privacy protection and secure driver wiping technology. Therefore, due to its wide-range of capabilities, System Mechanic Ultimate Defense deserves Geek's Advice approval. Get it now for 50% off. You may also be interested in its full review.

Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.