This is an article that provides specific details on Horsuke ransomware infection as well as a step-by-step removal followed by alternative data recovery approaches.
Horsuke is a new strain of Scarab ransomware that is now being actively distributed via different attack vectors. The threat is still intended for file encryption as afterward, it can blackmail victims into paying a ransom for a specific decryption solution. At this point Horsuke ransomware is known to change the desktop background with a specially crafted picture and append the extension .HORSE to all encrypted files. Another trait of this new strain is the ransom note file HOW TO RECOVER ENCRYPTED FILES.txt that appears on infected hosts.
Horsuke Ransomware – Distribution
Necurs botnet may be used to spread spam emails that infect user systems with Horsuke ransomware. The same technique was detected to be utilized for the initial Scarab ransomware version back in November 2017. This botnet is responsible for the biggest malware spam campaigns that provide (Read more...)
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Gergana Ivanova. Read the original post at: https://sensorstechforum.com/remove-horsuke-restore-horse/