Horros Ransomware

What is Horros Ransomware?

Yet another file-encrypting ransomware has been found, and it is called Horros Ransomware. Although it should be categorized as ransomware, at the time of research no ransom demands were made by the creators of the infection, which is not the most surprising thing, but it is still unusual. It is quite likely that this infection is still in development or that it was created by amateurs. Considering that it was built using the Hidden Tear source code – which is open to anyone – it is highly likely that the infection was created by someone who did not know what they were doing. Although the threat does not demand any payment in return for software that allegedly would decrypt files (such software is never given in exchange for the ransom anyway), it can encrypt files, which is why Windows users need to keep it away. If it is too late for that, and you need a plan to remove Horros Ransomware from your operating system, keep reading. If you have any questions about the things discussed, post a comment below.

How does Horros Ransomware work?

Horros Ransomware was created using the same source code that was used by the creators of Sorry HT Ransomware, Scammerlocker Ransomware, Krypton Ransomware, and many other threats. In some ways, they are all similar. For example, they are usually distributed using spam emails that have misleading messages that disguise the installers of the ransomware as document or PDF files. If the user is tricked into executing the infection, it starts the encryption process. Our research team has found that most threats from this group target files that are found in the %USERPROFILE% directory. Horros Ransomware also can corrupt files in the %APPDATA% directory. All threats have a set list of files that can be encrypted. The infection we are discussing in this report can encrypt 133 types of files, some of which include .jpg, .jpeg, .raw, .txt, .doc, .dot, .docx, .docm, .avi, .mov, .mp4, .mpeg, and .config. When these files are corrupted, the “.horros” extension is added to their names. Unique extensions added to the corrupted files are another feature that Hidden Tear threats have in common. Of course, the most important thing is that ALL of these threats require removal, and it does not matter whether or not they manage to encrypt data.

What can you do if your personal files were corrupted by Horros Ransomware? If a ransom request is made, do not pay attention to it, unless you want to risk losing your money. In this situation, the ransom is not demanded, which means that you are left to your own devices completely. A tool that would decrypt files does not exist at the moment, but it could be created in the future, which is why one option would be to store all corrupted files in one location and hope for the best. If you have backups of your files, you can delete the ones that were encrypted by Horros Ransomware immediately. Afterward, once your operating system is completely clean, you can transfer your personal files back onto the computer, if you need to. If backups did not exist, we suggest starting to back up files so that you do not lose them again.

How to remove Horros Ransomware

There are several things you need to consider before you decide how to delete Horros Ransomware from your operating system. For example, do other threats exist on your computer? If they do, can you erase them yourself? Whenever you are in a situation where multiple infections or highly malicious and complex infections exist, installing anti-malware software is advised. Furthermore, you need to consider your virtual security, and only reliable anti-malware software can take care of that for you. It might be possible for you to remove Horros Ransomware from your operating system manually, but we cannot tell you where you will find the launcher file or what its name will be. The guide below shows the most common locations where recently downloaded files are placed, but keep in mind that the launcher of the malicious ransomware could be found someplace entirely different.

Removal Instructions

  1. Simultaneously tap Win+E keys to launch Explorer and enter these paths into the bar at the top one by one:
    • %USERPROFILE%\Desktop
    • %USERPROFILE%\Downloads
    • %TEMP%
  2. Right-click and Delete the malicious {unknown name}.exe file.
  3. Empty Recycle Bin and then perform a full system scan to check if your system is now clean.
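
A read-only PowerShell triage example for the manual steps above, added here and not part of the original guide: it counts files carrying the ".horros" extension under %USERPROFILE% and %APPDATA%, then lists executables recently created in the three folders named in step 1, with signature status and SHA-256, so they can be reviewed before anything is deleted. The 14-day look-back window and all variable names are assumptions.

```powershell
# Added example, not from the original article. Read-only: nothing is deleted or modified.
# Assumption: a 14-day look-back window; set it to cover the suspected infection date.
$LookbackDays = 14
$cutoff = (Get-Date).AddDays(-$LookbackDays)

# --- 1. Scope of damage: files renamed with the ".horros" extension -------------------
# %APPDATA% normally sits inside %USERPROFILE%, so results are de-duplicated by path.
$encrypted = foreach ($root in $env:USERPROFILE, $env:APPDATA) {
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.horros' }   # exact match, avoids wildcard quirks
}
$encrypted = @($encrypted | Sort-Object FullName -Unique)

Write-Host "Files with .horros extension: $($encrypted.Count)"
$encrypted |
    Group-Object DirectoryName |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name |
    Format-Table -AutoSize | Out-Host

# --- 2. Candidate launchers in the folders from step 1 of the guide -------------------
# Assumption: Desktop and Downloads are not redirected (e.g. to a cloud-synced folder).
$dropDirs = @(
    (Join-Path $env:USERPROFILE 'Desktop'),
    (Join-Path $env:USERPROFILE 'Downloads'),
    $env:TEMP
) | Where-Object { Test-Path -LiteralPath $_ }

$candidates = Get-ChildItem -LiteralPath $dropDirs -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.exe' -and $_.CreationTime -ge $cutoff } |
    Sort-Object CreationTime |
    ForEach-Object {
        [pscustomobject]@{
            Created   = $_.CreationTime
            # Unsigned or invalidly signed binaries deserve the closest look.
            Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Path      = $_.FullName
        }
    }

Write-Host "Executables created since $cutoff in the checked folders: $(@($candidates).Count)"
$candidates | Format-List | Out-Host
```

Comparing the creation time of a listed executable with the earliest timestamps on the ".horros" files helps narrow down which file to check with an anti-malware scanner first.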
