Revenge Of Heisenberg is a ransomware strain based on the Chaos ransomware family, first detected through VirusTotal file submissions. It encrypts victims’ files and appends four random characters to filenames, rendering them inaccessible until a ransom is paid. The ransomware modifies the desktop wallpaper, drops a ransom note titled “read_it.txt”, and demands payment in Bitcoin (BTC).
What makes Revenge Of Heisenberg particularly dangerous is its ability to replace copied cryptocurrency wallet addresses, a function usually seen in clippers. This feature increases the likelihood of victims mistakenly sending funds to the attackers.
Revenge Of Heisenberg Ransomware Overview
| Attribute | Details |
|---|---|
| Name | Revenge Of Heisenberg |
| Threat Type | Ransomware, Crypto Virus, File Locker |
| Encryption Type | Uses unknown cryptographic methods (likely AES/RSA) |
| Encrypted File Extension | Appends four random characters to filenames (e.g., 1.jpg.nw2n) |
| Ransom Note Filename | read_it.txt |
| Ransom Amount | 0.1473766 BTC (~$15,000 at the time of discovery), with noted amounts in USD: $500 or $1,500 |
| Ransom Payment Method | Bitcoin (BTC) |
| Bitcoin Wallets Used | – bc1qw0ll8p9m8uezhqhyd7z459ajrk722yn8c5j4fg– 17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV– bc1qlnzcep4l4ac0ttdrq7awxev9ehu465f2vptabc123– bc1qlnzcep4l4ac0ttdrq7awxev9ehu465f2vpt9aa |
| Detection Names | – Avast: Win32:RansomX-gen [Ransom] – Combo Cleaner: Generic.Ransom.Hiddentear.A.226FDC79 – ESET-NOD32: A Variant Of MSIL/Filecoder.Chaos.A – Kaspersky: HEUR:Trojan-Ransom.MSIL.Agent.gen – Microsoft: Ransom:MSIL/FileCoder.AD!MTB |
| Symptoms of Infection | – Files cannot be opened – Files have new extensions (e.g., .nw2n)– Desktop wallpaper is changed – Ransom note appears as read_it.txt– A ransom demand in Bitcoin is displayed |
| Damage | – Permanent file encryption (without decryption key) – Financial loss if ransom is paid – Potential installation of additional malware |
| Distribution Methods | – Phishing emails (infected attachments) – Fake software updates – Cracked software downloads – Drive-by downloads – Malvertising |
| Danger Level | High – Encrypts files, modifies system settings, and demands ransom in BTC |
Download SpyHunter Now & Scan Your Computer For Free!
Remove this and any other malicious threats to your system by scanning your computer with SpyHunter now! It’s FREE!
Revenge Of Heisenberg Ransom Note
Below is the full text of the ransom note found in read_it.txt:
HA HA HA, Revenge of Heisenberg!!!
All of your files have been encrypted
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help.What can I do to get my files back?You can buy our special
decryption software, this software will allow you to recover all of your data and remove the
ransomware from your computer.The price for the software is $500. Payment can be made in Bitcoin only.
How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search
yourself to find out how to buy Bitcoin.
Many of our customers have reported these sites to be fast and reliable:
Coinmama - hxxps://www.coinmama.com Bitpanda - hxxps://www.bitpanda.com
Payment informationAmount: 0.1473766 BTC
Bitcoin Address: bc1qlnzcep4l4ac0ttdrq7awxev9ehu465f2vpt9aaHow to Remove Revenge Of Heisenberg Ransomware
Download SpyHunter Now & Scan Your Computer For Free!
Remove this and any other malicious threats to your system by scanning your computer with SpyHunter now! It's FREE!
Step 1: Boot into Safe Mode with Networking
- Restart your computer and repeatedly press F8 (or Shift + F8 for Windows 10/11).
- Select Safe Mode with Networking and press Enter.
Step 2: Use SpyHunter for Automated Malware Removal
- Download SpyHunter.
- Install and launch SpyHunter.
- Click "Start Scan Now" to detect Revenge Of Heisenberg and related threats.
- After scanning, click "Fix Threats" to remove all ransomware components.
Step 3: Delete Suspicious Files Manually
- Press Win + R, type
taskmgr, and hit Enter. - End suspicious processes (random names or unusual CPU usage).
- Navigate to:
C:\Users\YourUsername\AppData\Local\C:\Users\YourUsername\AppData\Roaming\C:\Windows\System32\
- Delete unknown executable files.
Step 4: Remove Revenge Of Heisenberg from the Registry
- Press Win + R, type
regedit, and press Enter. - Go to:
HKEY_CURRENT_USER\Software\HKEY_LOCAL_MACHINE\Software\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- Delete any suspicious registry keys.
Step 5: Restore Encrypted Files (If No Backup Available)
- Use Windows Previous Versions:
- Right-click an encrypted file → Properties → Previous Versions.
- Use ShadowExplorer (if Shadow Copies exist).
- Try third-party decryption tools (if available).
How to Prevent Future Ransomware Infections
Keep Regular Backups
- Store copies on external drives and cloud storage.
Use a Reliable Antivirus
- Keep SpyHunter or Malwarebytes installed.
Be Cautious with Email Attachments
- Do not open attachments from unknown senders.
Avoid Downloading Pirated Software
- Stay away from torrents and cracked software.
Keep Your Software Updated
- Update Windows, browsers, and antivirus software regularly.
Conclusion
Revenge Of Heisenberg ransomware is a dangerous file-encrypting malware that demands Bitcoin payments to restore files. Paying the ransom is not recommended, as there are no guarantees of data recovery. Instead, removing the ransomware using SpyHunter and restoring files from backups are the best courses of action.
Download SpyHunter Now & Scan Your Computer For Free!
Remove this and any other malicious threats to your system by scanning your computer with SpyHunter now! It's FREE!
