How to Remove HTRS Ransomware and Restore Data

About a week before the global WannaCry ransomware attack on May 12, a ransomware hunter named Karsten Hahn discovered a new ransomware called NewHT, which marks the files it encrypts with the .htrs extension. It is still in development and no victim appears to have reported it so far, but it is time to take it seriously and learn how to deal with the aftermath of a ransomware attack. All users should know how to keep their computers from contracting ransomware by reducing the chances of infection. This article focuses on the .htrs ransomware and the measures users should take to ensure a higher level of defense against ransomware attacks.


What Is HTRS Ransomware?


HTRS Ransomware can be categorized as a kind of malware that locks the compromised computer to prevent the user from accessing data until the ransom gets paid. The scourge of ransomware is by far today’s biggest computer security concern. The digital extortion racket is an old trick – it’s been around since about 2005 – but hackers have greatly improved on the scheme with the development of ransom cryptware. Observed on May 4, 2017, the HTRS ransomware could be a new variant of Hidden Tear, which is widely regarded as part of an educational project and the first open source ransomware. HTRS ransomware is another name for the NewHT ransomware, taken from the .htrs extension it appends to filenames; some computer security experts have speculated that NewHT may be short for ‘New Hidden Tear’.

The HTRS ransomware carries out a typical ransomware attack. It may be contained in a file that has macros enabled. A message from the Windows User Account Control system may appear when the victim opens the corrupted file. The HTRS ransomware will be delivered in an executable file named ‘htrs.exe.’ When victims agree to run this executable file, the HTRS ransomware will be installed on the victim’s computer and carry out its attack. The HTRS ransomware attack is relatively straightforward.

The following are the steps involved in most HTRS Ransomware infections:

  • Scanning the victim’s computer for data and searching for user generated files.
  • Creating a list of the files that are eligible for its attack, specifically looking for certain file extensions.
  • Creating a unique encryption key which will be used to encrypt the victim’s files.
  • Using a strong encryption algorithm, the HTRS Ransomware will encrypt the victim’s files, making them completely inaccessible.
  • Connecting to its command and control server, putting the decryption key out of reach of the victim.
  • Delivering a ransom note to the victim’s computer to notify the victim of this unexpected attack.
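
The steps above leave two visible traces that a defender can search for: files renamed with the .htrs extension and the htrs.exe dropper. The script below is an added example, not code from the original article; it assumes the original file name is kept with .htrs appended, and it compares against a backup by file name only, which is a coarse check.

```python
import os
from collections import Counter

ENCRYPTED_EXT = ".htrs"    # extension the article says is appended to encrypted files
DROPPER_NAME = "htrs.exe"  # executable name given in the article


def triage(root):
    """Walk `root` and report files touched by the ransomware.

    Returns the encrypted files, any copies of the dropper, and a
    per-directory count so the worst-hit folders stand out.
    """
    encrypted, droppers, per_dir = [], [], Counter()
    # onerror: unreadable directories are skipped instead of aborting the scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            path = os.path.join(dirpath, name)
            if lower == DROPPER_NAME:
                droppers.append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                per_dir[dirpath] += 1
    return {"encrypted": sorted(encrypted),
            "droppers": sorted(droppers),
            "per_dir": per_dir}


def original_name(path):
    """Assumed pre-attack name: report.docx.htrs -> report.docx."""
    base = os.path.basename(path)
    return base[:-len(ENCRYPTED_EXT)] if base.lower().endswith(ENCRYPTED_EXT) else base


def missing_from_backup(encrypted, backup_root):
    """Encrypted files whose original name appears nowhere in the backup."""
    backed_up = {f.lower() for _d, _s, fs in os.walk(backup_root) for f in fs}
    return [p for p in encrypted if original_name(p).lower() not in backed_up]


if __name__ == "__main__":
    import sys
    result = triage(sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~"))
    print(f"{len(result['encrypted'])} encrypted file(s), "
          f"{len(result['droppers'])} dropper copy(ies)")
    for folder, count in result["per_dir"].most_common(10):
        print(f"{count:6d}  {folder}")
```

Run it against a user profile or a mounted disk image before restoring anything; the per-directory counts show where the damage is concentrated, and `missing_from_backup` lists the files a backup would not bring back.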

PC security researchers suspect that the HTRS Ransomware is still a test version because its ransom note does not contain payment instructions or any way to contact the perpetrators of the attack. Protecting against ransomware can be difficult since attackers actively alter their programs to defeat anti-virus detection. However, using antivirus software is still one of the best methods to protect your PC against known ransomware in the wild.


How to Rescue Your PC from HTRS Ransomware


An automatic remover should be your first choice when you are facing such a serious situation. A professional removal tool may help you get rid of the ransomware completely. The removal tool's database is updated daily, and it can remove the malware as long as the malware is detected. Now you can download the free scanner to do a thorough scan of your computer system.


You can get its scan service free of charge. During the scan, it will show a list of all detected items, including the name, location and other detailed information. You can remove the detected items after the scan completes if you have purchased this product. If the removal completes but your data is still locked, you can try the next step.



If the antivirus program fails to detect or remove the ransomware, or your data cannot be recovered, you can use tools such as Data Recovery or MiniTool Power Data Recovery Free to try to recover the corrupted files safely. Judging by the current evidence, however, this may not help as much as you would wish. If you create restore points frequently, or happen to have one, you can restore the system from the latest system restore point. However, this only works if your restore point remains intact.

This option will take your PC back to an earlier point in time without affecting your files, but it will delete the programs, updates and drivers that were installed on your PC after the restore point.

Perform a system restore for Windows 7

Step 1 Log in to your computer as the administrator.

Step 2 Open Control Panel from Start menu.

Step 3 Click System and Security and click on Restore your computer to an earlier time.


Step 4 Press Open System Restore button.

Step 5 Click on Next > and you will see a list of the restore points that you have created before. Choose the latest one from before your computer system got infected with the ransomware and then click on Next >.

Step 6 Confirm your restore point and click on Finish.

Step 7 Click Yes to confirm your operations and start to restore the system.

Step 8 The restore is in progress.

Step 9 You will see a message during the restore process. The time it takes to complete the whole process is uncertain as it depends on the system condition. Your PC will automatically restart when the restore finishes.

Perform a system restore for Windows 8

Step 1 Move your cursor to the screen’s right edge, and then click Search.

Step 2 Enter Control Panel in the search box, and click Control Panel.

Step 3 Enter Recovery in the Control Panel search box, and then tap or click Recovery.

Step 4 Click Open System Restore.


If you are asked for the administrator password, enter the password in the box.


Step 5 Click Next > and you will see a list of available restore points that you can choose. You should select the most recent point before the ransomware appeared on the system and click on Next >.


Step 6 Select Finish and click on Yes to start the restore.


Step 7 Now please wait until the restore process has finished. Don’t be surprised if you see your computer restart several times during the restore process.

Perform a system restore for Windows 10

Step 1 Right-click (or press and hold) the Start button, and then select Control Panel.

Step 2 Search Control Panel for Recovery.

Step 3 Select Recovery > Open System Restore > Next.

Step 4 Choose the restore point related to the problematic app, driver, or update, and then select Next > Finish.


Step 5 Click on Yes to confirm your actions.


The files affected by the HTRS Ransomware may not be decryptable currently. This is the same case as with most ransomware Trojans that follow a similar strategy. Because of this, in the current threat landscape, the best option for most computer users is to have strong backup measures.

How Can You Prevent HTRS Ransomware Infection?

Microsoft has issued a security patch for Windows XP and Windows 8 – a very unusual step for unsupported operating systems – which you can download from the links on Microsoft’s blog.

1. Always check who the email sender is
If the email is supposedly coming from a bank, verify with your bank if the message is legitimate. If the email came from a personal contact, confirm if your contact sent the message. Do not rely solely on trust by virtue of relationship, as your friend or family member may be a victim of spammers as well.

2. Double-check the content of the message
There are often obvious factual errors or discrepancies that you can spot. For example, if your bank or a friend claims that they have received something from you, go to your recently sent items to double-check their claim. Such spammed messages can also use other social engineering lures to persuade users to open the message.

3. Refrain from clicking links in email
In general, clicking on links in email should be avoided. It is safer to visit any site mentioned in email directly. If you have to click on a link in email, make sure your browser uses web reputation to check the link, or use free services such as Trend Micro Site Safety Center.

4. Always ensure your software is up-to-date
Currently there is no known HTRS Ransomware variant that exploits vulnerabilities to spread, but it can’t be ruled out in the future. Regularly updating installed software provides another layer of security against many attacks.

5. Backup important data
One good safe computing practice is to ensure you have accurate backups of your files. The 3-2-1 principle should be in play: three copies, two different media, one separate location. Windows has a feature called Volume Shadow Copy that allows you to restore files to their previous state, and is enabled by default. Cloud storage services can be a useful part of your backup strategy.

6. Add an extra layer of protection.
One of the best forms of protection against ransomware is installing behavioral-detection antivirus software. It will watch your customers’ systems and networks for any suspicious events that might indicate an infection. With advanced anti-virus software, it is possible to remove the virus from a computer.

