
Homer Ransomware

Posted: July 15, 2020

The Homer Ransomware is a file-locking Trojan that's a derivative of a Ransomware-as-a-Service family known as Dharma Ransomware or Crysis Ransomware. The Homer Ransomware can block your files by encrypting them and delete the local backups as part of its extortionist campaign. Users should ignore the ransom demands, recover from any secure backups, and have their favored anti-malware solutions uninstall the Homer Ransomware.

Television Gags Coming Back into Style with Trojans

Jokes referring to popular media are among the usual details that separate less-professional works, like free Hidden Tear variants, from members of the usually more straight-faced Ransomware-as-a-Service entities, such as the Dharma Ransomware's family. A threat actor possibly operating in France bucks this trend by inserting cartoon gags into his pet version of Dharma Ransomware. Since the Homer Ransomware's other elements are very much in keeping with the RaaS model, the 'update' can safely be called cosmetic.

The Homer Ransomware is, like its close cousins Gyga Ransomware, Hlpp Ransomware, ROGER Ransomware, or YKUP Ransomware, a Windows-based program. Its primary feature is locking media files, which it accomplishes with the long-standardized technique of encrypting them with AES and securing the AES key with an RSA key. More cosmetically, it also appends its name, an e-mail address and an ID to their names.
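A responder's first question after an incident like this is which files were touched and which contact address and victim ID the sample stamped onto them. The following triage helper is an added example, not code from the page or from the Dharma family itself. It assumes the typical Dharma/Crysis naming layout of `<original name>.id-<victim ID>.[<e-mail>].homer` (the page states only that the three pieces are appended, not their order), and the ID, address and listing below are constructed placeholders rather than real indicators.

```python
import re

# Assumed marker layout (typical Dharma/Crysis convention; the page does not
# quote the exact format): <original name>.id-<victim id>.[<contact e-mail>].homer
MARKER_RE = re.compile(
    r"^(?P<orig>.+?)\.id-(?P<vid>[^.\[\]]+)\.\[(?P<email>[^\]]+)\]\.homer$",
    re.IGNORECASE,
)


def parse_marker(filename):
    """Return {'orig', 'vid', 'email'} for a Homer-style renamed file, else None."""
    m = MARKER_RE.match(filename)
    return m.groupdict() if m else None


def triage_listing(names):
    """Summarise a directory listing: how many files carry the marker, which
    victim IDs and contact addresses appear, and the files' original names."""
    hits = [(n, parse_marker(n)) for n in names]
    hits = [(n, p) for n, p in hits if p]
    return {
        "encrypted_count": len(hits),
        "victim_ids": sorted({p["vid"] for _, p in hits}),
        "emails": sorted({p["email"] for _, p in hits}),
        "originals": [p["orig"] for _, p in hits],
    }


# Constructed sample listing; the ID and e-mail address are placeholders,
# not indicators taken from a real sample.
SAMPLE_LISTING = [
    "budget.xlsx.id-1A2B3C4D.[contact@example.invalid].homer",
    "photo.jpg.id-1A2B3C4D.[contact@example.invalid].homer",
    "ransom_note.txt",   # the dropped TXT instructions are left unencrypted
    "notes.txt",         # untouched file
]

if __name__ == "__main__":
    print(triage_listing(SAMPLE_LISTING))
```

Recording the original names lets you check restored backups against the exact set of encrypted files, and collecting the ID and address gives you the values to search for across other hosts without guessing at them.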

The extortion half of its campaign comes through both HTA pop-up windows and Notepad TXT instructions, with the latter written in grammatically poor English. Here, the Homer Ransomware shows a sense of humor by incorporating a Simpsons television show character into the address it gives for negotiating over the criminal's unlocking service. Malware experts also point out the use of a France-based e-mail service, which isn't typical of the Crysis Ransomware's offspring and might indicate the threat actor's residence or scope of operations.

Keeping Cartoon Laughs Out of Your Digital Media

The Homer Ransomware's possible European affiliation doesn't make it any less harmful for users living elsewhere in the world, although it is a Windows-specific Trojan. Ideally, users should prepare backups secured on other devices with password protection for access, which will prevent the Homer Ransomware from encrypting and blocking all available media. As usual, the Homer Ransomware's payload includes an attack against the Shadow Volume Copies, which will wipe out any local Restore Points that would, ordinarily, help recover documents, databases, etc.
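Because the Shadow Volume Copy wipe happens before the ransom note is seen, it is one of the few moments where a file-locking Trojan can still be caught in the act. The script below is an added example, not code from the page or the Homer Ransomware family: it runs a small set of command-line signatures (the ones public detection rules commonly use for shadow-copy deletion; the page names only the behaviour) over a constructed process-creation log in an assumed `key=value|key=value` format, and reports which events look like Restore Point destruction while leaving benign listing commands alone.

```python
import re

# Command-line signatures for wiping Shadow Volume Copies / Restore Points,
# as used in common public detection rules. The page describes the behaviour
# only; the exact patterns are this example's assumption.
SHADOW_WIPE_PATTERNS = [
    ("vssadmin_delete_shadows",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("vssadmin_resize_storage",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\b.*\bshadowstorage\b", re.I)),
    ("wmic_shadowcopy_delete",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
]


def parse_event(line):
    """Parse one constructed 'key=value|key=value' process-creation record."""
    fields = {}
    for kv in line.strip().split("|"):
        if "=" in kv:
            key, value = kv.split("=", 1)
            fields[key] = value
    return fields


def classify(cmdline):
    """Return the name of the first matching signature, or None if benign."""
    for name, rx in SHADOW_WIPE_PATTERNS:
        if rx.search(cmdline):
            return name
    return None


def scan_log(lines):
    """Return an alert dict for every event whose command line matches."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        rule = classify(ev.get("cmd", ""))
        if rule:
            alerts.append({
                "time": ev.get("time"),
                "host": ev.get("host"),
                "parent": ev.get("parent"),
                "rule": rule,
                "cmd": ev.get("cmd"),
            })
    return alerts


# Constructed sample log; host, parent process and times are placeholders.
SAMPLE_LOG = [
    "time=2020-07-15T10:02:11|host=WS01|parent=cmd.exe|cmd=vssadmin list shadows",
    "time=2020-07-15T10:04:37|host=WS01|parent=unknown.exe|cmd=vssadmin delete shadows /all /quiet",
    "time=2020-07-15T10:04:38|host=WS01|parent=unknown.exe|cmd=wmic shadowcopy delete",
    "time=2020-07-15T10:05:02|host=WS01|parent=explorer.exe|cmd=notepad.exe ransom_note.txt",
]

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"{a['time']} {a['host']} {a['rule']}: parent={a['parent']} cmd={a['cmd']}")
```

The parent process in each alert is the useful field: administrators do run `vssadmin list shadows` by hand, but a deletion spawned by an unfamiliar executable minutes before a ransom note appears is exactly the sequence this family produces, and it is the trigger on which to isolate the host.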

Malware experts recommend several common-sense defenses against the propagation methods of file-locking Trojans, including the Homer Ransomware's family and numerous others, especially inside the RaaS industry. Turning off Flash and JavaScript will keep Web browsers from loading many of the vulnerabilities that Exploit Kits use for their drive-by-downloads. Avoiding weak passwords will head off brute-force attacks. Most importantly, refusing or scanning downloads like torrents and e-mail attachments will block most of the manually-downloaded scams that the Homer Ransomware might use.

The Homer Ransomware might name itself after Homer Simpson, but it's only as stupid as its victims. The greed of file-locking Trojans is something anyone can outsmart, but doing so always requires responsible file administration, presuming that one's documents or photos are worth a ransom.
