Horizon Ransomware

The Horizon Ransomware is a file-locking Trojan from the VoidCrypt Ransomware family. It can disable users' files en masse by encrypting them so that they can't be opened, and it produces related symptoms, such as new extensions and ransom notes. Users should always have a backup stored somewhere else for retrieving their files in a worst-case scenario and let trusted brands of security services remove Horizon Ransomware infections.

Seeing the Not-So-Distant Horizon Ransomware of a Trojan Family

One usually doesn't need to go too far to see the next version of a thriving family of file-locking Trojans, whether it's enormous ones like the STOP Ransomware or newer competitors like the VoidCrypt Ransomware. The Horizon Ransomware is more proof that VoidCrypt Ransomware is a viable resource for attacking Windows users' files and getting ransoms back out of the deal. Although it's very similar to old Trojans, such as the Dharma Ransomware, the Horizon Ransomware is part of a new generation, going into the new year.

The Horizon Ransomware continues the preference for Trojans targeting Windows systems, AKA, the largest pool of possible victims. A summary of its most pertinent symptoms for the users on the wrong end of its payload includes:

  • Its encryption routine stops files in digital media formats (DOCs, TXTs, JPGs, GIFs, MP3s, MP4s, AVIs, etc.) from opening when the user double-clicks them. The routine converts each file into unreadable ciphertext that requires a specialized decryption tool to reverse.
  • The Trojan adds an extension with its e-mail address, an ID for the victim and the campaign tag ('Horizon,' in this case) to the files' names for easy visibility of the 'hostages.'
  • It also creates a pop-up as an advanced HTML (or HTA) page. This ransom note uses a background specific to the VoidCrypt Ransomware group, with a two-day deadline before the Bitcoin price of unlocking the files doubles.
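
The renaming symptom above can be used for triage. The following is an added example, not code from this page or from any vendor: it parses a file listing for names that end in the 'Horizon' tag and carry an e-mail address and a victim ID, then groups the hits. The bracketed layout of the suffix is an assumption (the page does not give the exact format), and the sample paths, address and ID are constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

CAMPAIGN_TAGS = {"horizon"}  # campaign tag named on this page
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Assumption: the e-mail and ID sit in a run of bracketed or parenthesised
# tokens directly before the tag; their order is not assumed.
SUFFIX = re.compile(r"((?:[\[(][^\[\]()]+[\])])+)$")
TOKEN = re.compile(r"[\[(]([^\[\]()]+)[\])]")

def parse_locked_name(path):
    """Return original name, e-mail, victim ID and tag, or None if no match."""
    name = PureWindowsPath(path).name
    stem, dot, tag = name.rpartition(".")
    if not dot or tag.lower() not in CAMPAIGN_TAGS:
        return None
    run = SUFFIX.search(stem)
    if not run:
        return None
    tokens = TOKEN.findall(run.group(1))
    emails = [t for t in tokens if EMAIL.fullmatch(t)]
    ids = [t for t in tokens if not EMAIL.fullmatch(t)]
    if not emails or not ids:  # a tag alone is not enough evidence
        return None
    return {"original": stem[:run.start()].rstrip("."),
            "email": emails[0], "victim_id": ids[0], "tag": tag}

def triage(paths):
    """Group affected original file names by (victim ID, contact e-mail)."""
    groups = defaultdict(list)
    for p in paths:
        hit = parse_locked_name(p)
        if hit:
            groups[(hit["victim_id"], hit["email"])].append(hit["original"])
    return dict(groups)

SAMPLE = [  # constructed listing, not taken from a real incident
    r"C:\Users\a\Documents\budget.xlsx.[contact@example.com][A1B2C3D4E5].Horizon",
    r"C:\Users\a\Pictures\trip.jpg.(A1B2C3D4E5)[contact@example.com].horizon",
    r"C:\Users\a\Music\Event Horizon.mp3",          # benign: tag is not the extension
    r"C:\Users\a\Documents\notes [draft].horizon",  # benign: no e-mail in suffix
]

if __name__ == "__main__":
    for (victim_id, email), files in triage(SAMPLE).items():
        print(victim_id, email, len(files), files)
```

The grouped original names give a quick inventory of what needs restoring from backup.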

Malware researchers generally recommend against making any cryptocurrency payments to criminals. Since threat actors may launch more attacks, provide poor service, or withhold the recovery solution, victims should try other solutions for restoring their work first. Ideally, having offsite backups with some additional security helps with recovery from all file-locker Trojan infections significantly.

Shrinking the Troubles from Ever-Growing Families of Threats

There are regular updates to the Horizon Ransomware's family. The VoidCrypt Ransomware campaigns as of late 2020 also include the Decme Ransomware, the Exploit Ransomware, the Lalaland Ransomware, the Legend Ransomware and more. Malware experts find that the most significant difference between payloads is the use of different ransom instructions; all other attacks, such as data encryption, are identical.

Security basics like using strong passwords, scanning downloads before opening them, leaving features like macros or in-browser scripts turned off and installing updates are excellent means of thwarting infections and drive-by-downloads from all sources. Although malware experts have yet to acquire samples of phishing lures or other installation-related media, most victims of file-locker Trojans negligently endanger their PCs beforehand. The Horizon Ransomware is only for Windows environments, but there are competing examples of similar Trojans for Linux, Android and macOS.

While incapable of unblocking files, almost any high-quality anti-malware service will remove the Horizon Ransomware and stop its installation before the encryption attack.

As far as horizons go, the Horizon Ransomware provides a view of the future that's indistinguishable from old attacks. Then again, when the same sabotage stays workable, one might ask why a hacker needs to change their game plan.
