Ransom.HadesLocker Overview :

Ransom.HadesLocker is a new variant of WildFire Locker ransomware which discovered on 5th October 2016 and updated on 6th October 2016 at 1:54:11 PM. It behaves similar to ransomware that encrypts files and demand to pay ransom money but actually malware researchers classified it is a Trojan infection. It has been suspected that it is campaigns of MarksJoke and CryptFile2 ransomware. This variant of Trojan infection mainly targeted the Business services and Manufacturing verticals. It encrypts file by using strong AES encryption algorithm and then append .~HL[first_5_chars_of_password] at the end of the encrypted files. After encrypting files it creates ransom notes called  README_RECOVER_FILES_[victim_id].png, README_RECOVER_FILES_[victim_id].txt, README_RECOVER_FILES_[victim_id].html etc. 

Ransom.HadesLocker – Intrusion method

Ransom.HadesLocker is usually distributed over the PC by using different tactics and methods. But the main source of this infection are Spam-emails messages. Spam-emails and Junk mail attachments contained the URLs which linked to the MS Word document named levering-1478539.doc which hosted on the several sites with recently registered web domains. With the malicious codes there are numerous malware attached to intrudes into your PC. along with the Spam-emails, it can intrudes into your PC via torrent files, infected removable devices, file sharing network, online games etc. Thus you should be very careful while doing any activities. Otherwise you have to suffer with lots of troubles and big issues.

Behavior of Ransom.HadesLocker

The identified samples of Ransom.HadesLocker shows that it uses a payload that places these files on the affected PC including :

%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ronms.lnk

Then after it adds some entries into the Windows registry to make it as a persistent threat. The entries ensures that the malicious codes are automatically started on your PC when you boots. List of entries that added by Ransom.HadesLocker are as follows :

HKCU\Software\Wow6232Node\hwid [Your ID number]
HKCU\Software\Wow6232Node\status 1

List of file extensions that encrypted by Ransom.HadesLocker

.ai, .al, .asm, .asp, .bak, .bay, .c, .cer, .CPI, .cpp, .crt, .cs, .csv, .db, .doc, .dot, .dtd, .eps, .h, .hbk, .htm, .html, .java, .jpg, .key, .lua, .m .msg, .OBJ, .pas, .pdb, .pdf, .pem, .php, .pl, .png, .ppt, .ps, .py, .rar, .rtf, .sql, .sqlite, .STC, .STD, .stx, .tex, .txt, .wav, .wb2, .wpd, .xls, .xml, .zip

Once Ransom.HadesLocker executes on the compromised PC, it creates the following files in the all folders:


After encrypting files, Ransom.HadesLocker displays a ransom note on the desktop screen which linked to the http://pfmydcsjib(dot)ru, n7457xrhg5kibr2c.onion and http://jdybchotfn(dot)ru sites that warnings users that their files have been encrypted and they have to follow the instruction to decrypt the files. The ransom note may appears as follows :

Conclusion :

Ransom.HadesLocker is really most of the most dangerous System infection that encrypt all files and to decrypt them cost a huge money. But it does not gives you any guarantee to provide the decrypter tool after paying money. Thus it is advised by expert that you should delete Ransom.HadesLocker immediately from your affected PC rather than paying the ransom amount.

Scan PC to Remove Ransom.HadesLocker

How to Uninstall Ransom.HadesLocker from Control Panel from Windows 10

  • Click and Open Start Menu option


  • Settings option is to be selected on the menu to show all the contents


  • Click on System option


  • On the system Menu, Click on Apps and features option


  • Now Click on Ransom.HadesLocker to remove it from PC.

How to Eliminate Ransom.HadesLocker from Windows 8/8.1

Step 1: Press repeatedly F8 to boot PC in Safe Mode. Restart PC and select “Safe Mode with Networking”.


Step 2: Press ALT+Ctrl+Del to open Windows Task Manager. After that, search all the Ransom.HadesLocker related processes and then click to “End Task”


Step 3: Type “regedit” in Run dialog box and open Windows Registry Editor. Search and delete all the corrupt registries added by Ransom.HadesLocker infection.


Step 4: Go to Start and then click to open Control Panel.


After that, click Add/Remove Program


Uninstall Ransom.HadesLocker associated programs from Windows 8/8.1


Uninstall Ransom.HadesLocker From Window 7/vista

Tap on F8 Key to Enter Safe Mode


Restart PC and select “Safe Mode with Networking”


First of all close all running programs and open Task manager by pressing ALT + CTRL + DEL keys on your keyboard simultaneously.


Now Click on Processes menu and select all the processes associated with Ransom.HadesLocker one by one then click on End Task.


Now go to the desktop, click on Start Menu on the left lower corner. Move to Control panel and use left mouse click over it.


The Control panel window will open, if are getting the view by Category find and click “Uninstall a program” below “Programs” group.


Now select Ransom.HadesLocker within programs list and click on Uninstall.

Steps to Eliminate Ransom.HadesLocker from Windows XP

Step 1: Restart PC in Safe Mode by continuously pressing F8 button. After that, select “Safe Mode with Networking”.


Step 2: Open Windows Task Manager by pressing Alt+Ctrl+Del together. After that, find and select all the Ransom.HadesLocker associated processes and then click to “End Task” button.


Step 3: Open Run dialog box and then enter “regedit.exe” to open Windows Registry. Search and then delete all the corrupt and infectious registries added by Ransom.HadesLocker.


Step 4: Click Start button and then go to Control Panel, click to open Windows Add/Remove Program. Search all the Ransom.HadesLocker related programs and then uninstall it from Windows XP.



How to Uninstall Ransom.HadesLocker From Your Infected Browser

A. Guidelines to Remove Ransom.HadesLocker From Microsoft Edge Browser

How to Reset Default Search Engine to Uninstall Ransom.HadesLocker

Select Settings after selecting More (…) on the address bar


Click and select on View advanced settings option

advance settings-edge

In order to input the search engine, Click on <Add new> under option”Search in the address bar with”


Select Search engine and adds as default by clicking on Add as default option.

How to Reset Default Homepage on Microsoft Edge to Uninstall Ransom.HadesLocker

  • Select More (…) option on the address bar followed by settings
  • Select specific page or pages under Open with option
  • After selecting the Custom option, enter the URL of the homepage you wish to set as


B. How to Delete Ransom.HadesLocker from Google Chrome

Click to Open Google Chrome and then click on menu icon which is on the top right corner and then select Tools → Extensions


Select all the malicious extensions including Ransom.HadesLocker and then select trash icon


Again click on menu icon and select Settings and then click to Manage Search Engines under the Search section


In Search Engines, remove all the infectious search sites and set Google Chrome as Default Browser


C. How to Uninstall Ransom.HadesLocker From Mozilla Firefox

Launch Mozilla Firefox and find and click “Firefox” button on the top left corner on the screen.


A drop down box will appear, navigate to Add-ons option and click on it.


In the next window select and click on “Extensions” in left pane.


Find Ransom.HadesLocker add-on and click on the center area to see the border exactly and click on Disable button.
Wait a moment and let the add-on get disabled.


Now click the “Remove” button, later on uninstall the add-on Mozilla will ask you to restart the browser.


D. How to Remove Ransom.HadesLocker From Internet Explorer

First of all Launch Internet explorer by clicking the Task-bar Icon on desktop.

Now Click on Tool Menu on web browser interface.


Select and click on Manage add-ons in the drop down box.

A View and manage your Internet Explorer Add-ons window will open, now click on “Toolbar and Extensions” option in left pane.

A list of all installed ad-ons will appear, select Ransom.HadesLocker and click on “Disable” button and Reset IE


Click to Download Ransom.HadesLocker Scanner