
Horseleader Ransomware

Posted: March 12, 2020

The Horseleader Ransomware is a file-locking Trojan that comes from GarrantyDecrypt Ransomware's family. Although infections can include other side effects, primary issues include problems with opening the files that the Trojan encrypts, changes to extensions, and the presence of Notepad ransom notes. Users should have comprehensive backups for recovering content and anti-malware tools for removing the Horseleader Ransomware securely.

You can Lead a (Trojan) Horse to a Server

The adage about horses and water applies ironically to a new version of the GarrantyDecrypt Ransomware, a family of Trojans with significant social media support for its ransoming duties. The Horseleader Ransomware, contradicting the old saying, not only 'drinks' any digital media that it has access to, but also modifies system settings in ways that harm the user's Web-browsing experience. While doing so, it hides as a piece of Windows, making it well-disguised against any casual oversight.

The Horseleader Ransomware continues the theme of selecting a random name, à la Charmant Ransomware, Cammora Ransomware, '.metan File Extension' Ransomware, and COSANOSTRA Ransomware – all cousins in the GarrantyDecrypt Ransomware collective. The Windows program's dominant feature is its capacity for encrypting media, with which it 'locks' such content as text documents, spreadsheets, pictures, and music. It also appends an extension (as per its name) to their filenames, although this side feature is purely cosmetic.

Malware researchers confirm multiple 'secondary' attacks in the Horseleader Ransomware's payload, beyond its text-file ransom note. Through changes to the Registry, it deletes intranet and proxy settings. It also disables the Windows firewall. Together, these effects dismantle security features, including ones that could keep the Trojan from contacting its server or accessing more files for ransom.

The Easy Disguise that this Trojan Horse Prefers

Although its threat actor hasn't gone to the trouble of acquiring a digital certificate signature, the Horseleader Ransomware includes several elements for hiding itself. Its name and copyright details mimic a Windows component, the WMI Provider Host, with implications of being part of a Windows 7 Service Pack. While users should always avoid updates that aren't from official sources, it's just as possible that the Horseleader Ransomware is circulating through other vectors, including e-mail attacks or brute-forced network passwords.
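As an added detection-side example (not from the original write-up), the following Python triage helper flags the two artifact classes described above in Sysmon-style telemetry: a firewall profile switched off or a proxy value deleted in the Registry, and a process that borrows the WMI Provider Host identity (the WmiPrvSE.exe name or the "WMI Provider Host" description) from outside the wbem directory or without a signature. The firewall and Internet Settings value paths and the wbem directories are real Windows locations; the event records, their field names and the file paths in them are constructed to resemble Sysmon ProcessCreate and RegistryEvent fields, and are assumptions rather than indicators taken from the sample.

```python
"""Triage helper for Horseleader-style side effects (added example, not the page's own code).

Input: a list of dicts shaped like parsed Sysmon events (constructed field names).
Output: (event id, finding) pairs for anything that matches the behaviour described
in the write-up: firewall profile disabled, proxy/intranet value deleted, or a
process impersonating the WMI Provider Host.
"""
import ntpath
import re

# Real Windows locations; compared case-insensitively because Sysmon logs mixed case.
_FIREWALL_POLICY = r"hklm\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy"
FIREWALL_ENABLE_VALUES = {
    _FIREWALL_POLICY + "\\" + profile + r"\enablefirewall"
    for profile in ("domainprofile", "standardprofile", "publicprofile")
}
PROXY_VALUE_SUFFIXES = (
    r"\internet settings\proxyenable",
    r"\internet settings\proxyserver",
    r"\internet settings\autoconfigurl",
)
WMI_HOST_NAME = "wmiprvse.exe"
WMI_HOST_DESCRIPTION = "wmi provider host"
WMI_HOST_DIRS = {r"c:\windows\system32\wbem", r"c:\windows\syswow64\wbem"}


def _dword_value(details):
    """Parse Sysmon's 'DWORD (0x........)' Details string; None if not a DWORD."""
    match = re.search(r"DWORD \(0x([0-9a-fA-F]+)\)", details or "")
    return int(match.group(1), 16) if match else None


def check_registry_event(event):
    """Flag EnableFirewall set to 0 or a WinINET proxy value being deleted."""
    target = event.get("TargetObject", "").lower()
    event_type = event.get("EventType", "")
    if event_type == "SetValue" and target in FIREWALL_ENABLE_VALUES \
            and _dword_value(event.get("Details")) == 0:
        return f"firewall profile switched off via {event['TargetObject']} by {event.get('Image')}"
    if event_type == "DeleteValue" and target.endswith(PROXY_VALUE_SUFFIXES):
        return f"proxy/intranet setting deleted: {event['TargetObject']} by {event.get('Image')}"
    return None


def check_process_event(event):
    """Flag a binary that claims the WMI Provider Host identity but is not the real one."""
    image = event.get("Image", "")
    name = ntpath.basename(image).lower()
    directory = ntpath.dirname(image).lower()
    description = (event.get("Description") or "").lower()
    if name != WMI_HOST_NAME and description != WMI_HOST_DESCRIPTION:
        return None  # does not present itself as WMI Provider Host at all
    if directory not in WMI_HOST_DIRS:
        return f"WMI Provider Host identity used from unexpected path {image}"
    if not event.get("Signed", False):
        return f"unsigned binary presenting as WMI Provider Host at {image}"
    return None


def triage(events):
    """Run the matching check for each event and collect (Id, finding) pairs."""
    findings = []
    for event in events:
        check = check_registry_event if event["Kind"] == "registry" else check_process_event
        finding = check(event)
        if finding:
            findings.append((event["Id"], finding))
    return findings


# Constructed sample telemetry: paths, SIDs and binary names are made up for the example.
SAMPLE_EVENTS = [
    {"Id": 1, "Kind": "registry", "EventType": "SetValue",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall",
     "Details": "DWORD (0x00000000)", "Image": r"C:\Users\bob\AppData\Local\Temp\svcupdate.exe"},
    {"Id": 2, "Kind": "registry", "EventType": "DeleteValue",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer",
     "Details": None, "Image": r"C:\Users\bob\AppData\Local\Temp\svcupdate.exe"},
    {"Id": 3, "Kind": "registry", "EventType": "SetValue",  # admin turning the firewall ON: benign
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall",
     "Details": "DWORD (0x00000001)", "Image": r"C:\Windows\System32\mmc.exe"},
    {"Id": 4, "Kind": "process", "Image": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "Description": "WMI Provider Host", "Signed": True},  # the genuine host: benign
    {"Id": 5, "Kind": "process", "Image": r"C:\Users\bob\AppData\Local\Temp\WmiPrvSE.exe",
     "Description": "WMI Provider Host", "Signed": False},  # impersonation
]

if __name__ == "__main__":
    for event_id, finding in triage(SAMPLE_EVENTS):
        print(f"event {event_id}: {finding}")
```

Events 1, 2 and 5 are the ones flagged; the administrator re-enabling the firewall (event 3) and the genuine, signed WmiPrvSE.exe in System32\wbem (event 4) pass. In a real deployment the same two checks map onto Sysmon Event ID 13/12 (registry value set/deleted) and Event ID 1 (process create) rules, with the EnableFirewall=0 write by an unsigned process from a user-writable directory being the highest-confidence signal.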

Administrators can choose passwords wisely and apply security patches to close nearly all of the openings that remote attackers exploit. Malware researchers also regularly advise that all users, in professional environments or personal ones, use a well-maintained backup system. Backing up one's media to another location is the simplest means of recovering it from the Horseleader Ransomware's encryption attack, although the Trojan offers a more questionable alternative: a ransom negotiated through Jabber et al.

The Horseleader Ransomware is galloping into 2020 with a new version of 2018's Trojan, to the detriment of those who open it. Users will need to protect their files accordingly, lest they get led into a situation that costs money to remedy.
