*HELP_HELP_HELP*.hta file informs about Cerber ransomware attack
Finding the *HELP_HELP_HELP*.hta file on the desktop and seeing a ransom-demanding message on the screen is a sign that your computer has been infected with some latest version of the infamous Cerber virus. The virus is known as one of the most dangerous viruses of 2016. Sadly, its danger level hasn’t decreased this year as well, and this ransom-demanding file still bothers computer users all over the world. After infiltration, Cerber ransomware drops two new files on the system. The first one is our discussed HTML type file named *HELP_HELP_HELP*.hta which includes instructions how to pay the ransom and redeem encrypted files. The second one, HELP_HELP_HELP_[random characters].jpg file, is a background picture which is replaced as soon as data encryption is over, and gives directions to the ransom note. If you got infected with the virus, you might see a slightly different name of these files. Not only different versions of the virus, but every single attack may provide a different name of the ransom note. The Cerber family generates a unique string of characters that are appended to the encrypted files and added in the name of the ransom note and desktop picture. It allows indicating the victims; however, the structure of the name remains the same –_HELP_HELP_HELP_[random characters].hta.
Talking about technical details of the *HELP_HELP_HELP*.hta file, it seems that it was created using either VBScript or Jscript. It may seem that this HTML file only launches a ransom note in the browser (usually in the Internet Explorer); however, it’s more complicated process. This file is an executable which runs a ‘CERBER RANSOMWARE: Instructions’ program as soon as a victim clicks on it. The content of the ransom note includes basic information about data encryption and the only one possibility to decrypt them using Ceber Decryptor. However, we want to point out that you should not fall for the expensive generosity of the cyber criminals. The chance to restore their files starts from 1 Bitcoin. The size of the ransom may vary from victim to victim, based on the amount and importance of the encrypted files. Victims are asked to transfer the money to the provided Bitcoin wallet address and using Tor Browser. However, after making the transaction, you may experience a bigger loss. That’s why it’s not recommended to follow the orders.
What steps should you take to prevent Cerber from leaving a ransom note?
Cerber has many ways to enter to your computer and leave a *HELP_HELP_HELP*.hta file. These methods include malicious spam email campaigns, malware-laden ads, distributing malware via infected websites and using exploit kits. Avoiding ransomware is not as hard as it might look at first. Basically, you have to take two steps – strengthen your computer’s security with antivirus software and be careful while browsing the Web. Be critical with received emails and don’t forget that spam folder often contains high-risk emails that should not be opened. Clicking on links or opening attached files provided in these emails are extremely dangerous. Cerber might trick you into opening zipped Word file which asks you to enable Macros. If you do it, ransomware steps in the system. Of course, the content of the email and reasons to open the attachment might be reasonable and important. However, before opening them, you must double-check the information whether it’s a real issue or not. Furthermore, you should not visit potentially dangerous websites, such as pornographic, gaming, gambling, etc. However, if you ended up there for some reason, please do not click on any advertisement and close pop-ups immediately. No matter how great the offer may seem, it may be a trick to encourage you to click on a malware-laden ad.
Should I remove *HELP_HELP_HELP*.hta from the computer?
Undoubtedly, you can simply click ‘delete’ button and remove *HELP_HELP_HELP*.hta from the computer; however, it won’t solve the main problem. Your computer is infected with a hazardous ransomware virus, so you should take care of your computer’s security and start virus elimination. Cerber won’t leave your computer voluntarily and easily. Employ Reimage, Malwarebytes MalwarebytesCombo Cleaner or other reputable malware removal program, and let it delete the virus and all malicious files. Hence, *HELP_HELP_HELP*.hta removal should be performed along with virus elimination.