WhiteHorse Ransomware Description
Type: Ransomware
WhiteHorse is a ransomware threat that can completely devastate the computers it manages to infect. The threat is equipped with a strong encryption routine that uses an uncrackable cryptographic algorithm to lock the victim's files. A wide range of file types can be effectively rendered unusable. Affected users will find that their personal or business-related files can no longer be opened or used in any way. The hackers' goal is then to demand a ransom in exchange for the decryption key and tool needed to restore the data.
When the WhiteHorse Ransomware encrypts a file, it also changes that file's original name. The threat appends '.WhiteHorse' as a new file extension. It then generates a new text file named '#Decrypt#.txt' on the compromised device. This file carries the threat's ransom note with instructions for its victims.
According to the note, the attackers have managed to obtain sensitive data from the breached machines. They now threaten to either sell the collected information or release it freely on the Darknet if the victims do not establish contact within the first 72 hours following the attack. The hackers also state that users who reach out faster will get more favorable ransom terms. The note provides two communication channels in the form of an ICQ and a Skype account.
The full text of WhiteHorse Ransomware's note is:
'Hello my dear friend
Unfortunately for you, a major IT security weakness left you open to attack, your files have been encrypted
If you want to restore them, install ICQ software on your PC hxxps://icq.com/windows/ or on your mobile phone search in Appstore / Google market ICQ
Write to our ICQ @Whitehorsedecryption
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
We are always ready to cooperate and find the best way to solve your problem.
The faster you write, the more favorable the conditions will be for you.
Our company values its reputation. We give all guarantees of your files decryption
IF WE DONT SEE MESSAGES FROM YOU IN 72 HOURS - WE WILL SELL YOUR DATABASES AND IMPORTANT INFORMATION TO YOUR COMPETITORS,AFTER YOU WILL SEE IT AT OPEN SOURCE AND DARKNET
tell your unique ID.'
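The two on-disk indicators described above, the appended '.WhiteHorse' extension and the '#Decrypt#.txt' note, are enough to scope which directories were hit and which original file types need restoring. The triage script below is an added example, not part of the original article; the sample directory tree is constructed, and case-insensitive matching is an assumption.

```python
import os
import tempfile
from collections import Counter, defaultdict

ENCRYPTED_EXT = ".whitehorse"   # appended extension from the article (matched case-insensitively)
RANSOM_NOTE = "#decrypt#.txt"   # ransom note name from the article (matched case-insensitively)


def triage(root):
    """Map each affected directory to its encrypted files and whether a note is present."""
    hits = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                hits[dirpath]["note"] = True
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # The extension is appended, so stripping it yields the original name.
                hits[dirpath]["encrypted"].append(name[: -len(ENCRYPTED_EXT)])
    return dict(hits)


def original_types(hits):
    """Count encrypted files by their original extension, to prioritise restores."""
    counts = Counter()
    for info in hits.values():
        for original in info["encrypted"]:
            counts[os.path.splitext(original)[1].lower() or "(none)"] += 1
    return counts


def build_sample():
    """Create a constructed directory tree that mimics the indicators (empty files only)."""
    root = tempfile.mkdtemp(prefix="wh_triage_")
    for rel in ("docs/report.docx.WhiteHorse", "docs/#Decrypt#.txt", "docs/notes.txt",
                "db/customers.sql.WhiteHorse", "db/backup.SQL.whitehorse", "clean/readme.md"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root


if __name__ == "__main__":
    sample = build_sample()
    found = triage(sample)
    for directory, info in sorted(found.items()):
        print(os.path.relpath(directory, sample), len(info["encrypted"]), "encrypted, note:", info["note"])
    print(dict(original_types(found)))
```

The script only reads file names, so it can be pointed at a mounted forensic image or a file-share root without modifying evidence.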