Powerful Hidden Tear Ransomware

A new ransomware infection – Powerful Hidden Tear Ransomware – has been discovered recently by specialists. It is one of those HiddenTear-based ransomware infections, so it was not hard at all for specialists working at pcthreat.com to find out how it works. It has turned out that it is a typical ransomware infection. There is no doubt that it has also been developed for money extortion because it goes to encrypt victims’ personal files right after slithering onto their computers. Are you reading this article because you have already discovered this infection on your system too? If “yes” is your answer to this question, you should go to delete the ransomware infection from your computer the first thing. Then, you could restore the encrypted data. Unfortunately, there are not many ways to get files back without the decryption tool – the only thing you can do is to restore them from a backup you have. We do not try to say here that you should purchase special decryption software from cyber criminals. To be frank, our opinion about payments to malicious software developers is negative. In other words, we think that it is quite foolish to transfer money to them because there are no guarantees that you could decrypt your files after you send them your money.

As you already know, Powerful Hidden Tear Ransomware is typical crypto-malware. Consequently, it is not surprising at all that it goes to encrypt files it finds on compromised machines right away. It will not ruin any system files, but it will surely lock your all pictures, music, videos, games, and much more. All these affected files will be marked by the .locked extension, so you will soon realize that something is wrong. It is, of course, not the only activity this threat performs on affected computers. Researchers have noticed that it also checks if READ_ME.txt.locked exists on Desktop, and if it is there, the ransomware infection deletes this file right away and then drops READ_ME.txt in its place. This file contains a message for users. They find out what has happened to their files if they read it. Additionally, they are explained how they can decrypt their data. Just like similar ransomware infections, it demands a ransom of 0.00156 BTC. Once the payment is made, users need to send an email to novicehax890@gmail.com (the email address used might change). Cyber criminals should send you the decryption tool by email, but, unfortunately, we cannot guarantee that you will certainly receive it. We are sure you will not get your money back either in case you do not get the promised tool for decrypting files.

It has been observed that Powerful Hidden Tear Ransomware also checks whether the computer is connected to the Internet. Also, it might set a new picture as Desktop background. Last but not least, it sends information about users to its C&C server. It acts as a sophisticated threat, but, from the technical standpoint, it does not belong to the group of complex malware, so you should not find it very hard to delete it from your computer too. Before we talk about the removal of this ransomware infection, we will provide some information about the distribution of crypto-malware so that you could prevent similar malware from entering your computer easier in the future.

It is not a secret how ransomware infections are usually spread – they are often distributed in spam emails as attachments, specialists say. These attachments are made to look harmless, so it does not surprise us at all that so many users open them fearlessly and allow malicious software to enter their computers. As for Powerful Hidden Tear Ransomware, its launcher is usually spread as The Art of Amazon Carding.pdf.exe or The Art of Amazon Carding.exe. As can be seen, it might have two filename extensions. It might not be enough to prevent untrustworthy software from entering the system by simply ignoring spam emails and their attachments because more sophisticated malware might find another way to enter your computer. It does not mean that there is nothing you can do to protect your system from dangerous malware. Our security specialists say that all users must install reputable security software on their computer.

You should not find the removal of Powerful Hidden Tear Ransomware a challenging task because this infection does not make modifications that would be very hard to undo on victims’ computers. If you decide to erase it manually, it will be enough to delete three files that belong to this infection and kill the active malicious process. Keep in mind that you can clean your computer automatically too if you find it difficult to delete malware in a manual way. Unfortunately, no matter what you do, your files will stay encrypted.

How to delete Powerful Hidden Tear Ransomware

1. Press Ctrl+Shift+Esc.
2. Open the Processes tab.
3. Find and kill the malicious process.
4. Close Task Manager and press Win+E to launch Explorer.
5. Access %HOMEDRIVE%\[user] and delete the Rand123 folder.
6. Remove ransom.jpg from %HOMEDRIVE%\[user] .
7. Remove READ_ME.txt from %USERPROFILE%\Desktop.
8. Empty Recycle bin.