Horsedeal Ransomware

Posted: January 15, 2020

The Horsedeal Ransomware is a file-locking Trojan that blocks your files and provides addresses for negotiating over a ransom for the unblocking solution. The threat may use disguises, such as fake anti-virus software, for infecting your PC. Use anti-malware solutions for identifying and deleting the Horsedeal Ransomware, and backups on secure devices for recovering lost data.

A Pretty Horsey Deal over Instant Messengers

Although families like Hidden Tear are responsible for many iterations of Trojans, singular projects by individual criminals also have their place. The Horsedeal Ransomware, like the Mind Ransomware or the Sun Ransomware, operates outside of the boundaries of the Ransomware-as-a-Service industry families and lets the author keep any profits entirely to himself. Besides being independent, the Horsedeal Ransomware also has unusually extensive instant-messaging integration, rather than the more traditional, low-effort e-mail negotiations.

The Horsedeal Ransomware is a Windows program that uses UPX packing to conceal its nature as a threat, albeit ineffectually. The Trojan blocks RTF and Word documents, JPG and GIF images, and similar media by encrypting them and erasing the originals. Users can search their folders for 'horsedeal' – the extension that the Trojan appends to each filename – to find the affected content. While malware experts are hesitant to confirm that the Horsedeal Ransomware cannot be decrypted, no solutions are currently available to the public besides the Trojan's ransom-based option.
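The paragraph above suggests searching folders for the 'horsedeal' extension to find affected content. The script below, an added example that is not part of the original write-up, turns that search into a small incident-response triage: it inventories every locked file under a directory tree, tallies them by original file type, and lists the originals that are already gone (the article says the Trojan erases them), which is exactly the list a responder needs when restoring from backup. The extension name comes from the article; the naming layout `original.ext.horsedeal`, the sample file names and the `build_sample_tree` helper are assumptions constructed for this example.

```python
"""
Added triage example (not from the original article): inventory files carrying
the 'horsedeal' extension so a responder can scope the damage and plan a restore
from backup. Only the extension name is taken from the article; the layout
'original.ext.horsedeal' and the sample files are constructed assumptions.
"""
from collections import Counter
from pathlib import Path
import shutil
import tempfile

LOCKED_EXT = ".horsedeal"  # extension the article says the Trojan appends


def find_locked_files(root):
    """Recursively list every regular file under root whose name ends in '.horsedeal'."""
    root = Path(root)
    return sorted(
        p for p in root.rglob("*")
        if p.is_file() and p.name.lower().endswith(LOCKED_EXT)
    )


def triage(root):
    """Summarise an affected tree.

    Returns the number of locked files, a count per original file type, and the
    names of originals that no longer exist beside their locked copy. The mapping
    'x.jpg.horsedeal' -> 'x.jpg' is an assumption about the naming layout.
    """
    locked = find_locked_files(root)
    by_type = Counter()
    originals_missing = []
    for p in locked:
        stripped = p.name[: -len(LOCKED_EXT)]
        if not stripped:  # a file literally named '.horsedeal' has no original to recover
            continue
        original = p.with_name(stripped)
        by_type[original.suffix.lower() or "(none)"] += 1
        if not original.exists():
            originals_missing.append(original.name)
    return {
        "locked_count": len(locked),
        "by_original_type": dict(by_type),
        "originals_missing": sorted(originals_missing),
    }


def build_sample_tree():
    """Create a throwaway directory with constructed files mimicking the article's
    description: documents and images renamed with the extension, most originals
    deleted, plus one untouched file and one leftover original for contrast."""
    root = Path(tempfile.mkdtemp(prefix="horsedeal_demo_"))
    (root / "docs").mkdir()
    (root / "pics").mkdir()
    for name in ("docs/report.docx.horsedeal", "docs/notes.rtf.horsedeal",
                 "pics/cat.jpg.horsedeal", "pics/meme.gif.horsedeal"):
        (root / name).write_bytes(b"\x00constructed ciphertext\x00")
    (root / "docs" / "readme.txt").write_text("not touched")   # not a target type
    (root / "pics" / "meme.gif").write_bytes(b"GIF89a")          # original still present
    return root


def main():
    root = build_sample_tree()
    try:
        report = triage(root)
        print(f"locked files: {report['locked_count']}")
        for ext, n in sorted(report["by_original_type"].items()):
            print(f"  {ext}: {n}")
        print("originals missing (restore from backup):")
        for name in report["originals_missing"]:
            print(f"  {name}")
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    main()
```

Run it against a real folder by replacing `build_sample_tree()` with the path in question; the script only reads file names and never opens, moves or deletes anything, so it is safe to run on a machine that is still being preserved for forensic review.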

The Horsedeal Ransomware doesn't give away its ransom price in the note or the horse-themed image that it drops. However, it does offer relatively substantial support: Jabber and ICQ messaging options. Such channels aren't unique to this Trojan, but they are rare, with few competing examples, such as the Russian XCrypt Ransomware or variants of the Phobos Ransomware, like the Calum Ransomware. Ordinarily, threat actors favor a less hands-on approach; however, 'live' instant messaging interactions may give them room to negotiate more reliable ransom payments.

The Deal with a Fake AV Trojan

Like many file-locker Trojans, the Horsedeal Ransomware incorporates deceptive naming practices into its means of distribution. Samples of the Horsedeal Ransomware's installers, while unsigned (bearing no certificates), use naming conventions that suggest the program is an update for anti-virus software. Such false software downloads are prolific on torrent networks and may also circulate through non-secure advertising networks. Users should, accordingly, avoid installing updates from anywhere but endorsed links.

Paying an unknown ransom for a decryptor that might never arrive has obvious drawbacks, but most users can protect themselves before infection easily. Using secure passwords, avoiding unsafe downloads as noted in the last paragraph, and disabling features like JavaScript and macros are useful. Workers in business environments also should pay close attention to any e-mail-attached content, which malware experts often flag as an infection vector.

Most anti-malware tools should delete the Horsedeal Ransomware on sight despite the intentionally misleading descriptive data fields on its EXE.

Keeping one's anti-virus updated is only responsible when the updates come from credible sources. Following a random download link to its source can get one's files into more trouble, rather than resolving any supposed security issue that a pop-up might assert.