Horon Ransomware

The Horon Ransomware is a recently spotted file-locking Trojan that has surfaced the Internet. When malware experts came across this new ransomware threat, they looked deeper into it and revealed that the Horon Ransomware belongs to the notorious STOP Ransomware family.

It is yet to be determined with full certainty what propagation method has been employed in the spreading of the Horon Ransomware. However, cybersecurity researchers speculate that the infection vectors used in propagating the Horon Ransomware may include mass spam email campaigns, faux application updates and infected pirated software. Once the Horon Ransomware gains access to a host, it will perform a quick scan. This scan will determine where the files, which the Horon Ransomware is meant to target, are located. Then, the Horon Ransomware will proceed the attack by locking the targeted data. When the Horon Ransomware encrypts a file, it alters its name. This threat adds a '.horon' extension to the files affected. For example, a file, which was named 'wet-umbrella.mp3' originally, will have its name changed to 'wet-umbrella.mp3.horon' when the Horon Ransomware applies its encryption.

The next action is to drop the ransom note. The Horon Ransomware's ransom note is named '_readme.txt.' This is nothing new for the STOP Ransomware family, as most variants of this threat use the same ransom note name. There is not a specific sum mentioned regarding the ransom fee demanded. However, the cybercriminals provide two email addresses where the victim is meant to get in touch with them – 'gorentos@bitmessage.ch' and 'stoneland@firemail.cc.'

Cyber crooks will try to lure you into their trap with promises and 'guarantees.' Do not fall for their trickery as they are likely to take your money and leave you empty-handed. A safer approach in this sticky situation is to acquire a legitimate anti-malware application and have it wipe the Horon Ransomware off your computer.