Horros ransomware is a new crypto-malware that uses the AES-256 algorithm for file encryption. Although victims of ransomware infections such as Magniber are normally presented with a ransom demand, the Horros virus is one of the exceptions: security researchers did not find a ransom note. Just like the Sorry crypto-virus, the newly detected malware is based on the popular Hidden Tear project. Such ransomware infections are usually easier to defeat, and Michael Gillespie is already offering support for victims who notice that the .horros extension has been appended to their files.
Horros crypto-virus is based on Hidden Tear and appends the .horros extension to encrypted files
The payload for this virus is the file FileEncrypter.exe, which is already detected by the vast majority of anti-virus tools. Therefore, if you are using popular security software, you should be able to track down the malicious files belonging to the Horros crypto-malware. Security researchers have also found a connection between this FileEncrypter.exe and the Cdn.discordapp.com website. In total, the ransomware appears to target 66 file types. This means that basically any type of file could become encrypted.
Horros ransomware is assumed to be a test version of the infection. Hackers may have distributed this unfinished variant to experiment and to detect flaws in their malicious program. Even though this test version is currently decryptable (as Michael Gillespie suggests), cyber criminals could be planning to release a full-fledged virus containing ransom instructions and other necessary elements (Ransomware: Not dead, but evolving nasty new tricks). Until then, you should not be too worried about this infection. If your files carry the .horros extension, please contact the security researcher Gillespie and ask for assistance.
Other options to protect yourself from Horros crypto-malware
Victims of Horros ransomware are lucky enough to be infected with a virus that is decryptable. In other cases, people might not have the option of recovering their data for free, so they start considering the ransom demand and whether paying is worth it. We can answer this question briefly: no, you should not give in to the demands of extortionists. In some situations, hackers do not provide decryption tools even after the ransom is paid. Therefore, even after spending money on a decryptor, you might still be left with encrypted files.
Considering this, you should definitely back up your digital data to separate storage. There is a wide variety of online backup services that will protect your files from harm. Ransomware victims who have backups of their data can easily escape the nightmare of crypto-malware: all they have to do is get rid of the virus and retrieve their files from the backup. In addition, you could also protect your files by storing copies on USB flash drives.
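The following added example, which is not part of the original article, inventories files carrying the .horros extension and checks which of them have a clean copy in a backup location. It assumes the backup folder mirrors the directory layout of the scanned folder; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

EXT = ".horros"  # extension the article says is appended to encrypted files

def inventory(scan_root, backup_root):
    """Return (restorable, missing): encrypted files with / without a backup copy.

    Assumption: backup_root mirrors the directory layout of scan_root.
    """
    scan_root, backup_root = Path(scan_root), Path(backup_root)
    restorable, missing = [], []
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            # Skip unaffected files and a file named exactly ".horros"
            if not name.lower().endswith(EXT) or len(name) == len(EXT):
                continue
            encrypted = Path(dirpath) / name
            # The extension is appended: "report.docx.horros" -> "report.docx"
            rel = encrypted.relative_to(scan_root).with_name(name[:-len(EXT)])
            backup = backup_root / rel
            (restorable if backup.is_file() else missing).append((encrypted, backup))
    return restorable, missing

def demo():
    """Constructed sample tree: two encrypted files, only one has a backup."""
    with tempfile.TemporaryDirectory() as tmp:
        docs, bak = Path(tmp, "Documents"), Path(tmp, "Backup")
        (docs / "work").mkdir(parents=True)
        (bak / "work").mkdir(parents=True)
        (docs / "work" / "report.docx.horros").write_bytes(b"x")
        (docs / "photo.jpg.horros").write_bytes(b"x")
        (docs / "notes.txt").write_bytes(b"untouched")
        (bak / "work" / "report.docx").write_bytes(b"clean copy")
        restorable, missing = inventory(docs, bak)
        return ([e.relative_to(docs).as_posix() for e, _ in restorable],
                [e.relative_to(docs).as_posix() for e, _ in missing])

if __name__ == "__main__":
    ok, lost = demo()
    print("backup available:", ok)
    print("no backup found: ", lost)
```

Files listed without a backup are the ones that depend on decryption, so keep the encrypted copies rather than deleting them.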
Ways that the Horros crypto-virus uses for distribution
Like any other ransomware, the Horros infection will probably rely on the most popular methods of transmission. As we noted in the previous paragraphs, this virus is associated with a website that might be distributing the infection. However, do not forget to be careful with the email messages you receive. Check whether the senders are legitimate and are definitely associated with the services they claim to represent. For instance, you could receive an email message from an airline, urging you to download a .pdf or a .doc file containing information about the flight you have booked. However, if you do not have plans to travel, this is clearly spam.
Now, it is important that you get rid of the Horros ransomware. You can follow the manual guidelines, which help you complete a full system restore. After this paragraph, you will find a list of the first actions you must complete during a system restore. However, we strongly recommend that you consider installing an anti-malware tool. Spyhunter will protect you from malicious programs, allow you to run regular scans and let you enjoy a malware-free operating system.
The manual removal includes these steps:
- Reboot your computer in Safe Mode (Enable Safe Mode with Command Prompt).
- Once Command Prompt launches, type cd restore and press Enter.
- Type rstrui.exe and press Enter again.
- Click “Next” in the window that appears.
- Select one of the Restore Points dated before Magniber ransomware infected your device.
- Click “Yes” to start a system restore.