Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Skull HT Ransomware

It seems that cyber criminals have not stopped developing ransomware infections on the basis of Hidden-Tear, an open-source ransomware. Skull HT Ransomware is the newest threat they have released. Specialists say that it is not a prevalent threat yet, but this might change soon, so you should not be one of those careless users if you do not want to discover this ransomware infection on your computer. If it is a little too late for prevention, i.e., you have already found this infection on your computer and your files have been encrypted, you should go to remove the ransomware infection from your system right away so that it would not cause more problems to you and only then think about the decryption of your files. Sadly, we cannot promise that you could get them back, but, of course, paying money to cyber criminals is not a good solution to the problem either because the chances are high that you will not get the promised the decryption tool and key. The ransomware infection will not be removed from your system either even if you pay the ransom required, which means that it might lock your personal files once again one day and, as a consequence, you will need a new decryption key.

Although Skull HT Ransomware is a new crypto-threat, it acts exactly like its predecessors. To be honest, there is not much new to say about it because it also goes to encrypt users’ pictures, documents, videos, and other files after it finds where they are located. It has been noticed that it checks the following directories and locks all files it finds in them: %USERPROFILE%\Desktop, %USERPROFILE%\Links, %USERPROFILE%\Contacts, %USERPROFILE%\Documents, %USERPROFILE%\Downloads, %USERPROFILE%\Pictures, %USERPROFILE%\Music, %USERPROFILE%\OneDrive, %USERPROFILE%\Saved Games, %USERPROFILE%\Favorites, %USERPROFILE%\Searches, and %USERPROFILE%\Videos. You will immediately notice which of your personal files have been encrypted because 1) you will not be allowed to open them and 2) they will all have .locked appended to them. Of course, Skull HT Ransomware does not perform this only activity. As research has shown, you might also find your Desktop background changed. Additionally, it checks whether the READ_ME.txt.locked file exists on Desktop (%USERPROFILE%\Desktop). If it finds it there, it deletes it and drops READ_ME.txt, which is a ransom note. This file explains users why they can no longer open their files: “Your computer has been LOCKED.” Also, they find out if they read it what they can do to get their data back. As expected, it demands money from users. They need to send 0.00156 BTC to cyber criminals behind this ransomware infection to get the decryption key and special tool. Since you have no guarantees that you could unlock your files, you should not send cyber criminals a cent. Unfortunately, without the special key/decryption tool, you could only restore your files from a backup. If you have never backed up your files, it means that they will stay encrypted. Of course, it is not a huge problem if there are no valuable files among those encrypted ones.

Specialists at are sure that Skull HT Ransomware enters users’ computers without their knowledge, but, frankly speaking, we cannot tell you that they do not contribute to its entrance in any way. Researchers say that the majority of users allow this infection to enter their computers by opening malicious attachments from spam emails. Once the attachment is opened and the ransomware infection is executed, it deletes itself but creates a copy %HOMEDRIVE%\user\Rand123\local.exe on the victim’s machine. Also, it checks if the computer is connected to the Internet and if the answer is yes, it sends certain details about the victim to its C&C server. Most probably, you think that it is a sophisticated infection, but it is not exactly true because, unlike sophisticated crypto-malware, it can be erased quite easily.

It is not very hard to delete Skull HT Ransomware, but it does not mean that you will decrypt your files by removing this infection. There are only two removal steps you need to perform: 1) open Task Manager and kill a process representing this ransomware infection and 2) delete all files belonging to this threat (%HOMEDRIVE%\user\Rand123\local.exe, %HOMEDRIVE%\user\ransom.jpg, and %USERPROFILE%\Desktop\READ_ME.txt). You can erase this infection automatically as well. To do this, you need to have an automated malware remover. Needless to say, it must be 100% trustworthy so that it could delete this nasty infection from your computer.

Delete Skull HT Ransomware

  1. Press Ctrl+Shift+Esc simultaneously to access Task Manager.
  2. Open Processes.
  3. Find and kill the process of Skull HT Ransomware.
  4. Close Task Manager and open Explorer by tapping Win+E simultaneously on your keyboard.
  5. Delete the following files one after another and then empty your Recycle bin:
  • %HOMEDRIVE%\user\Rand123\local.exe
  • %HOMEDRIVE%\user\ransom.jpg
  • %USERPROFILE%\Desktop\READ_ME.txt
Download Spyware Removal Tool to Remove* Skull HT Ransomware
  • Quick & tested solution for Skull HT Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.