
Horon Ransomware

Posted: June 18, 2019

The Horon Ransomware is a file-locking Trojan that's part of the STOP Ransomware family's Ransomware-as-a-Service business. Besides locking your files by encrypting them, it can add extensions, create ransom-themed messages, and may install other threats or hijack your Web traffic. Let your anti-malware programs delete the Horon Ransomware whenever possible before using your last backup for restoring files.

Trojans Refusing to STOP Around the World

The STOP Ransomware is, perhaps, the most ironically named of the larger families of file-locker Trojans that rent themselves out to third-party threat actors. Since new versions of it, with minor cosmetic tweaks per campaign, appear nearly every day, the business model isn't stopping. Neither is its sprawling geographical spread, which malware experts continue noting in the latest version: the Horon Ransomware.

The Horon Ransomware is quite a bit more recent than older members of the Ransomware-as-a-Service family, such as the codnat1 Ransomware, the Grovat Ransomware, the Norvas Ransomware or the Verasto Ransomware, although its specific version number is indeterminate. Malware researchers can re-confirm attacks with this version of the file-locking Trojan occurring in Spain, Indonesia, Thailand, and Vietnam, which makes the Horon Ransomware a global security risk, albeit one with an Asia-based inclination. Torrents, brute-force attacks against unsecured servers, and e-mail are some of the standard infection vectors for this Trojan.

The Horon Ransomware uses AES encryption, backed by RSA, to keep users from cracking it. This attack converts media such as spreadsheets, music, pictures, and documents into unreadable versions, which the Horon Ransomware marks with the 'horon' extension. Users should note that, while disabling one's Internet connection will not stop the attack, it does have a benefit: it forces the Horon Ransomware into using a failsafe encryption-securing method. Any content that the Trojan locks this way may be recoverable through the appropriate decryption tools on the Web.

Sweeping Boundary-Crossing Trojans Back to the Sea

The Horon Ransomware's family, also known as Djvu Ransomware, uses English-language messages for most campaigns, but this choice is a matter of convenience that doesn't affect the distribution of its members. Malware experts recommend that users with concerns about losing their files through these attacks watch their downloads, such as torrents, for suspicious files, as well as review any e-mail-based content for phishing attacks, such as corrupted attached documents. Backing up media before an attack may be the only way of restoring files for users who suffer from the 'online' version of the Horon Ransomware's payload.

Along with the blocking of most of the contents of your PC, the Horon Ransomware can include other dangers, according to how the threat actor configures its payload. Rare cases of attacks by this file-locking Trojan's family include the presence of spyware that may collect passwords and other credentials and transfer them to the threat actor's server. The Horon Ransomware may also block some websites, especially ones related to PC security. Anti-malware applications can remove the Horon Ransomware and the spyware that it may drop, while users can restore their Web-browsing settings with a clean Hosts file.
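As an added illustration (not code from the original article), the following Python sketch audits a Hosts file for entries that block or redirect hostnames other than the stock localhost names, which is how you would confirm the file needs replacing. The sample file, its `.example` hostnames, and the baseline name list are constructed assumptions; the article does not list which sites the Trojan blocks.

```python
import ipaddress

# Names a stock hosts file normally maps to loopback (assumed baseline).
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
                 "ip6-loopback", "broadcasthost"}

# Constructed sample; the .example hostnames are placeholders, not real indicators.
SAMPLE = """\
# constructed hosts file
127.0.0.1    localhost
::1          localhost
127.0.0.1    update.av-vendor.example
0.0.0.0      www.security-forum.example support.av-vendor.example  # two names
203.0.113.7  portal.av-vendor.example
# 127.0.0.1  disabled.av-vendor.example
"""

def parse_hosts(text):
    """Yield (line_no, address, hostnames) for every active entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 2:
            yield line_no, fields[0], [name.lower() for name in fields[1:]]

def audit_hosts(text):
    """Return (line_no, address, hostnames, reason) for entries to review."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, names, "malformed address"))
            continue
        extra = [n for n in names if n not in DEFAULT_NAMES]
        if not extra:
            continue  # only stock localhost names on this line
        # Loopback or 0.0.0.0 makes the site unreachable; anything else
        # sends the browser to a different server.
        reason = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append((line_no, addr, extra, reason))
    return findings

if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts.
    for line_no, addr, names, reason in audit_hosts(SAMPLE):
        print(f"line {line_no}: {', '.join(names)} {reason} via {addr}")
```

Entries added deliberately (ad-blocking lists, development aliases) will also be reported, so treat the output as a review list and not a verdict.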

The robustness of the Horon Ransomware's infection exploits is proving itself to an uncomfortably diverse range of victims. If you can't depend on your PC always being safe, you should, at least, place your faith in a well-stored backup and professional security products.
