Horriblemorning Ransomware

The Horriblemorning Ransomware is a newly spotted file-encrypting Trojan lurking the Web in search of victims. The Horriblemorning Ransomware belongs to the notorious Globe Imposter 2.0 Ransomware family. Most authors of ransomware threats opt to base their threatening creations on already established threats instead of developing a data-locking Trojan from the ground up. This has allowed even low-skilled and inexperienced shady actors to create and propagate ransomware threats.

Propagation and Encryption

The Horriblemorning Ransomware is likely being distributed with the help of mass spam email campaigns. These emails tend to contain a corrupted attachment and a fraudulent message that urges the user to open the attached file. Other popular infection vectors include torrent trackers, fake pirated copies of legitimate applications, bogus software updates, downloads, etc. Once the Horriblemorning Ransomware compromises a computer successfully, it will look for a long list of file types, which it will target for encryption. Most ransomware threats tend to target file types, which are likely to be found on the systems of regular users - .jpeg, .jpg, .mp3, .mp4, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .rar, .pdf, .png, .mov, etc. Once the Horriblemorning Ransomware triggers its encryption process, it will lock all the targeted data. Upon locking a file, the Horriblemorning Ransomware will apply a new extension to it – ‘.Horriblemorning.’ For example, if you had named an image ‘December-morning.jpeg,’ the Horriblemorning Ransomware will rename it to ‘December-morning.jpeg.Horriblemorning.’

The Ransom Note

The ransom message of the attackers can be found in a file named ‘how_to_back_files.html.’ In the note, the creators of the Horriblemorning Ransomware state that they demand 1BTC (approximately $7,150 at the time of typing this post) as a ransom fee. The attackers have provided their Bitcoin wallet address. They also demand a screenshot as proof of the payment to be sent to ‘cryptomavens@protonmail.com’ and ‘cryptomavens@eclipso.eu.’

It is never a productive idea to pay cyber crooks. They may not provide you with a decryption key, even if you pay them. This is why you should download and install a genuine anti-virus tool to remove this nasty Trojan from your system and ensure your online safety in the future.