
Horriblemorning Ransomware

Posted: December 20, 2019

The Horriblemorning Ransomware is a file-locking Trojan from the second edition of the Globe Imposter Ransomware family. Just like the older versions, it uses encryption for locking files on Windows systems in hopes of selling victims its unlocking help. Appropriate backups can avoid any danger of data loss, and most anti-malware products should delete Horriblemorning Ransomware by default.

It's not a Great Morning for Someone's Files

Waking up is the most vulnerable moment in most people's schedules, but some server administrators may find themselves in a worse situation than others. A new file-locking Trojan coming out of a well-known Ransomware-as-a-Service is attacking users out in the wild, with encryption as its preferred weapon. Although the Horriblemorning Ransomware uses thoroughly-publicized attack techniques, it's capable of giving any unprotected network the worst of all mornings.

The Horriblemorning Ransomware is one of the many offspring of the Globe Imposter 2.0 Ransomware – the second, major iteration of a family that imitates the Globe Ransomware symptoms. However, while it resembles Globe Ransomware, the Horriblemorning Ransomware conducts its custom variant of an encryption routine for locking the victim's documents, spreadsheets, pictures, and other media. Such attacks are most effective against users without backups, or with one that the Horriblemorning Ransomware deletes successfully.

Samples of the Horriblemorning Ransomware are coming in shortly after the similarly-recent 'ponce.lorena@aol.com' Ransomware campaign, as well as other 2019 attacks like the thematically-reminiscent Badday Ransomware, the Erenahen Ransomware and the Healforyou Ransomware. In every case, the victims have an opportunity of following the HTML-based ransoming instructions and 'purchasing' a decryptor for their files. Doing so is an enormous financial risk; criminals could keep the Bitcoins from the ransom and cease communications afterward without penalties.

Waking Up to a Better Day on Your Server

Although it's a new day for some threat actor's campaign, the Horriblemorning Ransomware follows the norms of the Ransomware-as-a-Service industry in general, and those of the Globe Imposter 2.0 Ransomware business specifically. Users should be cautious about server configurations to avoid infections. Contributing factors can include weak password management, using outdated software with public vulnerabilities, leaving RDP accessible to the general internet, and opening risky files, such as e-mail-attached documents.

Although malware analysts expect most attacks from the Horriblemorning Ransomware, and other RaaS-based Trojans, to arrive against corporate entities, governments, and unprotected smaller businesses, any Windows computer is at risk from the Trojan. Sufficient backup security is the only way of being sure that your documents and other files are safe from the Horriblemorning Ransomware, which could encrypt them permanently. Automated, non-local, and regularly-maintained backups are the best defense that's possible for most users.

Anti-malware utilities can, however, delete the Horriblemorning Ransomware as it attempts to infect your computer, assuming that threat actors don't manually disable them first.

The Horriblemorning Ransomware is a dreadful morn for someone, but malware experts aren't yet sure for whom. Nonetheless, one doesn't need to see all of the Horriblemorning Ransomware's work to know that it can be very threatening in the wrong hands – such as greedy extortionist hackers.
