
Humble Ransomware

The Humble Ransomware is a file-locking Trojan that can encrypt and block the user's files, which it uses as leverage for demanding ransoms. The Humble Ransomware also may rewrite the MBR and prevent the PC from restarting. Ideally, Windows users should remove the Humble Ransomware as soon as possible with dedicated security services before recovering their work with backups.

Being Humble isn't Always a Good Look for Software

File-locking Trojans come in many flavors, from the unique and ambitious to copy-and-paste imitators. What rarely varies is the fact that they're after money, which they extort by holding the victim's files hostage. The Humble Ransomware is a new example in the field, showing how low one Trojan can go while still profiting.

The Humble Ransomware is perhaps most unusual for some technical details that set it apart from similar threats like Hidden Tear or the STOP Ransomware, a Ransomware-as-a-Service. Its code compilation uses a batch file-based wrapper, a non-standard (but not totally new) format for these Trojans. It also employs Discord as a discount C&C channel for sending information back to the attacker. As for its installation exploits, malware researchers have minimal intelligence, although its campaign targets home users.

Of course, the Humble Ransomware, like most file-locker Trojans, can block media like documents or images and does so through encrypting the files and deleting the non-encrypted originals. This feature offers the leverage for extorting ransoms out of victims in return for the threat actor's unlocking help, as per its ransom note's conditions. However, the Humble Ransomware also adds another incentive by threatening to destroy the Master Boot Record or MBR, which is a requirement for booting the computer. The absence of a legible MBR is the same as 'bricking' a computer, creating high stakes for victims, even with backups.

These attacks are nothing more than attempts at making a trivial amount of money per victim: under ten USD, or 0.0002 Bitcoins.

Teaching Trojans What Real Humility Means

Although malware analysts can't yet track the Humble Ransomware back to its current infection exploits, file-locker Trojans tend towards predictable strategies. Most users can keep their computers safe from attacks by installing security updates, avoiding unusual or illicit downloads, turning off features like RDP or JavaScript, and using appropriately strong passwords. The Humble Ransomware might circulate through phishing tactics like e-mail attachments, or more random methods, like torrents.

Trojans don't always use attacks that victims can reverse easily, or at all. For the Humble Ransomware, backups are essential for recovering any files without paying the ransom, which, no matter how affordable, builds incentive for more Trojan development. There is also a risk that the attacker gives no help to users who pay, and the Bitcoin specification leaves the victim no way to force a refund.

Users can repair their MBRs with free tools by rebooting their computers through appropriate USB or DVD recovery devices. Most Windows anti-malware services will also block the Humble Ransomware installers or comprehensively delete the Humble Ransomware after installation.
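Before running a repair tool, it helps to confirm whether sector 0 is actually damaged. The following is an added example, not code from this article or from any tool it mentions: it checks a 512-byte copy of the MBR for the standard boot signature and a sane partition table, and compares it against a previously recorded hash. It assumes the sector has already been saved to bytes from recovery media; `inspect_mbr` and `sample_mbr` are hypothetical names, and the sample sector is constructed.

```python
import hashlib
import struct
from typing import Optional

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446  # four 16-byte partition entries start here
BOOT_SIG_OFFSET = 510    # final two bytes of a valid MBR are 55 AA

def inspect_mbr(sector: bytes, baseline_sha256: Optional[str] = None) -> dict:
    """Report whether a copy of sector 0 still looks like a usable MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    findings = []
    if sector[BOOT_SIG_OFFSET:] != b"\x55\xaa":
        findings.append("boot signature 55 AA missing")
    if len(set(sector)) == 1:
        findings.append("sector is one repeated byte (wiped)")
    partitions = []
    for i in range(4):
        start = PART_TABLE_OFFSET + 16 * i
        entry = sector[start:start + 16]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid status {status:#04x}")
        if lba_start == 0 or count == 0:
            findings.append(f"partition {i}: zero start or length")
        partitions.append({"index": i, "type": ptype, "active": status == 0x80,
                           "lba_start": lba_start, "sectors": count})
    if not partitions:
        findings.append("no partition entries")
    digest = hashlib.sha256(sector).hexdigest()
    changed = baseline_sha256 is not None and digest != baseline_sha256.lower()
    return {"sha256": digest, "partitions": partitions, "findings": findings,
            "legible": not findings, "changed": changed}

def sample_mbr() -> bytes:
    """Constructed healthy MBR: filler boot code plus one active NTFS entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    return b"\x90" * 446 + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    good = inspect_mbr(sample_mbr())
    print("healthy:", good["legible"], good["partitions"])
    # An all-zero sector stands in for an overwritten MBR.
    bad = inspect_mbr(bytes(SECTOR_SIZE), baseline_sha256=good["sha256"])
    print("wiped:", bad["legible"], bad["changed"], bad["findings"])
```

A changed hash alone is not proof of tampering, since legitimate disk tools also rewrite sector 0; treat it as a prompt to look at the structural findings.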

The Humble Ransomware might keep its head low, but it's still running a rigged operation of criminal behavior that's not much different from a mugging on the street. Even if it's asking for pennies, a Trojan that destroys integral software is a grave danger to anyone who doesn't react to it in time.
