The Scarab ransomware family has a new malicious member called Horsia. It works like a typical ransomware virus: it encrypts personal data with the AES algorithm, appends a specific extension (in this case .[email protected]) to each file’s name so that the user cannot access it, and demands a ransom in Bitcoins for a decryptor.
What do you need to know about Horsia virus?
The Horsia crypto-extortionist is malware that tries to extract money from victims in exchange for unlocking the encrypted files. The size of the ransom the crooks ask for is unknown (the note says it depends on how fast you contact the hackers), but judging by other crypto-virus examples it can range from several hundred to a thousand US dollars. Hackers target personal files because victims are more likely to pay large amounts of money for the data they need and value the most.
Horsia malware gets onto victims’ computers through vulnerable remote desktop protocol (RDP) configurations, spam email attachments, web injections, fake freeware downloads, and infected update bundles or trojans. When the user clicks on the malicious attachment, Horsia starts running scripts in the background and completes the ransomware installation. It then scans the infected operating system for potential targets, usually personal photos, videos, audio and documents, encrypts these files with the AES algorithm, and appends the .[email protected] string to their names. That leaves the user unable to access the files. Ransomware viruses, Horsia included, are persistent and modify the registry, so even if you reboot your system, the crypto-extortionist restarts with it and locks your data again.
Once encryption is complete, Horsia places a text-format ransom note called ‘How To Recover Encrypted Files.txt’ in a noticeable spot on the desktop so that the victim can read the directions for restoring files. The note starts by telling the user that all of their files are locked and that obtaining the decryption key requires paying a certain amount of money in the cryptocurrency BTC. It goes on to explain how to get Bitcoins and tells the victim to message the hackers at Horsia’s email address, [email protected].
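The two file-system traces described above, the ransom note name and the e-mail-style suffix appended to file names, can be checked for with a short triage script. This is an added example, not part of the original article; the suffix pattern is an assumption (the article shows the extension only in obfuscated form), and user@example.com in the sample tree is a constructed placeholder.

```python
import os
import re
import tempfile
from collections import Counter

# Ransom note file name as given in the article.
RANSOM_NOTE = "How To Recover Encrypted Files.txt"

# Assumption: the appended extension is an e-mail address, so match any
# e-mail-shaped final suffix. Local parts containing dots are deliberately not
# handled, which keeps the file's original extension out of the match.
EMAIL_SUFFIX = re.compile(r"\.([A-Za-z0-9_+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$")


def scan(root):
    """Walk root and report ransom notes and files renamed with an e-mail suffix."""
    notes, renamed, suffixes = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE.lower():
                notes.append(path)
                continue
            match = EMAIL_SUFFIX.search(name)
            if match:
                renamed.append(path)
                suffixes[match.group(1).lower()] += 1
    return {"notes": sorted(notes), "renamed": sorted(renamed), "suffixes": suffixes}


def build_sample_tree(root):
    """Create a constructed sample tree; user@example.com is a placeholder suffix."""
    layout = [
        "Desktop/How To Recover Encrypted Files.txt",
        "Documents/report.docx.user@example.com",
        "Pictures/photo.jpg.user@example.com",
        "Documents/untouched.txt",
    ]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan(tmp)
        print(len(result["notes"]), "ransom note(s),", len(result["renamed"]), "renamed file(s)")
        for suffix, count in result["suffixes"].most_common():
            print(f"  .{suffix}: {count}")
```

Run `scan()` read-only against a user profile or a mounted backup; the per-suffix counts show how much of the tree was renamed before anything is restored.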
Horsia’s ransom note states:
All your files have been encrypted due to a security problem with your PC.
Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
Contact us using this email address: [email protected]
If you don’t get a reply or if the email dies, then contact us to [email protected]
Free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 10Mb (non archived), and files should not contain valuable information (databases, backups, large excel sheets, etc.).
How to obtain Bitcoins?
* The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price: https://localbitcoins.com/buy_bitcoins
* Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
No matter how scary this may look and how much valuable information has been encrypted, never pay the ransom to the hackers: not only will you most likely not get your files back, you will also lose at least a couple of hundred dollars. This is how crooks make money: they scare victims and pressure them into paying, and once the transaction is made they ignore the user completely. There are better, free methods that can potentially restore your files.
First things first – Horsia crypto-infection removal
To get closer to restoring your infected system, the initial step should be virus removal. You have to remove not only the Horsia ransomware itself but also scan the whole computer for any remaining threats. This can be done manually or automatically. Since manual elimination takes longer and following all the steps correctly is not for everyone, we recommend using automatic anti-malware removal tools, but be careful of PUPs such as SafePCKit or RegProTech, which are malicious themselves instead of cleaning your system. The 2-viruses team trusts and recommends Spyhunter software, which reveals actual threats on your computer and helps remove them.
Lastly, it is important to practise cyber safety while browsing online. Do not download programs or attachments from websites that seem shady, be careful when opening emails with attachments or from unknown sources, and DO create backups of your files regularly.
Automatic Malware removal tools