‘.thor File Extension’ Ransomware

‘.thor File Extension’ Ransomware Description

PC security researchers have uncovered several variants of the Locky ransomware Trojan in October of 2016. The '.thor File Extension' Ransomware is one of these variants. Along with variants that use extensions such as '.perl' or '.shit,' the '.thor File Extension' Ransomware is designed to encrypt all of the victim's files and then demand the payment of a ransom, using an attack that is nearly identical to the infamous Locky Ransomware Trojan that has already been around for a while. This increased incidence of Locky variants may indicate a new development in ransomware distribution, such as a RaaS (Ransomware as a Service), which uses Locky variants in its attacks. The '.thor File Extension' Ransomware is designed to take money from inexperienced computer users by encrypting their files, taking them hostage, and then demanding the payment of a ransom.

How the '.thor File Extension' Ransomware may Attack Your Computer

The '.thor File Extension' Ransomware and other recent Locky variants may be transmitted by using corrupted email attachments, which may be delivered via spam email messages. These email messages may use misleading subject lines and messages designed to trick computer users into opening the attached file or clicking on a link embedded into the corrupted email. Doing either of these actions downloads and executes the '.thor File Extension' Ransomware's corrupted file, which will launch and begin encrypting the victim's files. The '.thor File Extension' Ransomware can carry out its encryption on the victim's computer automatically, making its attack particularly difficult to detect or stop while it's ongoing. The '.thor File Extension' Ransomware will encrypt files with the following extensions:

.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt.

Like other ransomware Trojans, the '.thor File Extension' Ransomware is designed to encrypt the victim's files while keeping Windows operational, not targeting system files. This is done so that the '.thor File Extension' Ransomware can deliver a ransom note demanding the payment of its ransom. After completing encryption,and changing the affected files' extensions to '.thor', the '.thor File Extension' Ransomware will drop ransom notes in the form of HTML, image, and text files.

Recovering from a '.thor File Extension' Ransomware Attack

It may not be possible to decrypt the files that have been encrypted by the '.thor File Extension' Ransomware without having access to the decryption key. It is because of this that it is necessary to establish preventive measures before the ransomware attack happens. Malware analysts strongly advise computer users to backup their files regularly and to store them on an external memory device. If your files are backed up properly, then the con artists responsible for the '.thor File Extension' Ransomware will have no leverage to demand a ransom payment from you since it would be relatively easy to recover the files from their backup copies.

Infected with ‘.thor File Extension’ Ransomware? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect ‘.thor File Extension’ Ransomware
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 11 + 12 ?