Homer Ransomware

By GoldSparrow in Ransomware

The Homer Ransomware is a new file-locker but not a unique one. This threat is a newly identified copy of the Dharma Ransomware. The Dharma Ransomware is a very popular file-encrypting Trojan, which dozens upon dozens of cyber crooks have used as a basis to create new data-lockers.

Propagation and Encryption

Data-locking Trojans like the Homer Ransomware are often propagated through phishing emails, which usually carry either a malicious link or a fake attachment. Users should be very wary of opening emails from unknown sources, as many cybercriminals use this infection vector to distribute various scams and threats. Other methods often used to propagate data-lockers include fake social media profiles, bogus application downloads and updates, torrent trackers, malicious ads, etc.

When the Homer Ransomware infects your computer, it will scan your files to determine which data will be selected for encryption. The Homer Ransomware targets a wide selection of file types, which means that when this Trojan runs its encryption process, it is likely that all your documents, audio files, images, spreadsheets, presentations, videos, databases and archives will be securely locked. The Homer Ransomware appends a new extension to all the targeted files: '.id-.[homersimpson777@mail.fr].homer'. This means that a file you had named 'heavy-rock.mp3' will be renamed to 'heavy-rock.mp3.id-.[homersimpson777@mail.fr].homer'.

The Ransom Note

In the next phase of the attack, the Homer Ransomware drops a file on the user's PC. This file, named 'FILES ENCRYPTED.txt', contains a ransom message from the authors of the Homer Ransomware. The attackers have kept their ransom message short. The ransom fee is not specified, so it is likely that it will only be disclosed once the user gets in touch with the attackers. The creators of the Homer Ransomware ask to be contacted via email at 'homersimpson777@mail.fr' and 'jack-green13@protnmail.com'.

It is not a good idea to contact cyber crooks. Regardless of what the ransom fee is, paying it does not guarantee that you will receive the decryptor you need to reverse the damage done to your data. It is best to remove the Homer Ransomware from your PC with the help of an up-to-date, legitimate antivirus software suite.
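
The appended file marker and the ransom note name described above are enough to measure how far the encryption reached on a disk or file share. The Python script below is an added example, not part of the original article: the function names are hypothetical, and accepting an optional token between 'id-' and the following dot is an assumption, since the article prints the marker as '.id-.'.

```python
import os
import re
import tempfile

# Indicators taken from the article above.
CONTACT = "homersimpson777@mail.fr"
NOTE_NAME = "FILES ENCRYPTED.txt"

# Assumption: the article prints the marker as '.id-.[...]'; this pattern also
# accepts an optional token between 'id-' and the next dot.
MARKER = re.compile(
    r"^(?P<original>.+)\.id-[^.\[\]]*\.\[" + re.escape(CONTACT) + r"\]\.homer$",
    re.IGNORECASE,
)


def classify(filename):
    """Return ('note', None), ('encrypted', original_name) or None."""
    if filename.lower() == NOTE_NAME.lower():
        return ("note", None)
    m = MARKER.match(filename)
    if m:
        return ("encrypted", m.group("original"))
    return None


def scan(root):
    """Walk root and summarise renamed files and ransom notes per directory."""
    report = {"encrypted": [], "notes": [], "by_dir": {}}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            hit = classify(name)
            if hit is None:
                continue
            path = os.path.join(dirpath, name)
            if hit[0] == "note":
                report["notes"].append(path)
            else:
                report["encrypted"].append((path, hit[1]))
                report["by_dir"][dirpath] = report["by_dir"].get(dirpath, 0) + 1
    return report


if __name__ == "__main__":
    # Constructed sample tree, so the example runs offline.
    with tempfile.TemporaryDirectory() as root:
        for name in ("heavy-rock.mp3.id-.[homersimpson777@mail.fr].homer",
                     "FILES ENCRYPTED.txt", "untouched.docx"):
            open(os.path.join(root, name), "w").close()
        result = scan(root)
        print(len(result["encrypted"]), "renamed file(s),", len(result["notes"]), "note(s)")
```

The per-directory counts in `by_dir` show which folders need restoring from backup, and the recovered original names can be compared against a backup listing.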
