Horsedeal Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 22
First Seen: January 11, 2012
Last Seen: July 5, 2022
OS(es) Affected: Windows
Malware analysts spot new ransomware threats on a daily basis. The barrier to entry for data-locking Trojans is rather low: with the help of various ransomware building kits, even cybercriminals with little to no experience can create and distribute such a threat. One of the latest file-encrypting Trojans to emerge on the Web was named the Horsedeal Ransomware.
Propagation and Encryption
The techniques involved in the propagation of the Horsedeal Ransomware are yet to be uncovered. Some cybersecurity researchers speculate that the authors of the threat may be utilizing malvertising campaigns, bogus pirated copies of popular software tools and media, torrent trackers, mass spam email campaigns, etc. Upon infiltrating a targeted machine, the Horsedeal Ransomware scans all the files present on the victim's system and then encrypts the data it targets. The Horsedeal Ransomware is likely targeting a wide variety of common file types: .jpeg, .jpg, .gif, .png, .doc, .docx, .ppt, .pptx, .rar, .xls, .xlsx, .mov, .mp3, .mp4, etc. This means that the majority of the files present on the victim's computer will be locked with the help of an encryption algorithm. When the Horsedeal Ransomware locks a file, it appends a '.horsedeal' extension to the file's name. A file initially named 'kitten-paw.jpeg' will therefore be renamed to 'kitten-paw.jpeg.horsedeal' and will no longer be usable.
The Ransom Note
The Horsedeal Ransomware drops a ransom note in a file called '#Decryption#.txt'. In the ransom message, the attackers fail to mention a specific ransom fee. Instead, they insist on being contacted via email or ICQ. The authors of the Horsedeal Ransomware give out their contact details: 'bigbosshorse@xmpp.jp' (email address) and 'bigbosshorse' (ICQ username). It is likely that users who contact the attackers will receive instructions on how to process the payment required.
We would advise you against contacting cybercriminals. Most victims of data-locking Trojans never receive the decryption tool promised to them, even if they pay the ransom fee demanded. You should consider investing in an anti-virus software suite that will remove the Horsedeal Ransomware from your machine and ensure your safety in the future.
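The two on-disk indicators described above, the '.horsedeal' suffix and the '#Decryption#.txt' note, are enough to scope which files and directories were affected before restoring from backup. The read-only Python triage script below is an added example, not EnigmaSoft's code; the function names, the constructed sample tree, and the case-insensitive matching are assumptions.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".horsedeal"      # extension appended to encrypted files (from the page)
RANSOM_NOTE = "#Decryption#.txt"  # ransom note file name (from the page)


def triage(root):
    """Walk `root` and summarise Horsedeal indicators without modifying anything."""
    locked, notes = [], []
    by_type = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            # Assumption: match case-insensitively, as Windows file systems do.
            if name.lower() == RANSOM_NOTE.lower():
                notes.append(path)
            elif name.lower().endswith(LOCKED_SUFFIX) and len(name) > len(LOCKED_SUFFIX):
                original = name[: -len(LOCKED_SUFFIX)]  # e.g. kitten-paw.jpeg
                locked.append((path, original))
                by_type[Path(original).suffix.lower() or "(none)"] += 1
    return {"locked": locked, "notes": notes, "by_type": by_type}


def build_sample_tree(root):
    """Constructed sample data: empty files mimicking an affected user profile."""
    layout = [
        "Pictures/kitten-paw.jpeg.horsedeal",
        "Pictures/#Decryption#.txt",
        "Documents/report.docx.horsedeal",
        "Documents/budget.XLSX.HORSEDEAL",
        "Documents/untouched.txt",
        "Documents/horsedeal-notes.txt",  # contains the name but is not a locked file
    ]
    for rel in layout:
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(f"{len(result['locked'])} locked file(s), {len(result['notes'])} ransom note(s)")
        for path, original in sorted(result["locked"]):
            print(f"  {path}  (was: {original})")
        print("Locked files by original type:", dict(result["by_type"]))
```

The per-type counts show which backups matter most, and the recovered original names can be matched against a backup catalogue.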