'.thor File Extension' Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 191 |
| First Seen: | October 26, 2016 |
| Last Seen: | March 16, 2023 |
| OS(es) Affected: | Windows |
PC security researchers have uncovered several variants of the Locky ransomware Trojan in October of 2016. The '.thor File Extension' Ransomware is one of these variants. Along with variants that use extensions such as '.perl' or '.shit,' the '.thor File Extension' Ransomware is designed to encrypt all of the victim's files and then demand the payment of a ransom, using an attack that is nearly identical to the infamous Locky Ransomware Trojan that has already been around for a while. This increased incidence of Locky variants may indicate a new development in ransomware distribution, such as a RaaS (Ransomware as a Service), which uses Locky variants in its attacks. The '.thor File Extension' Ransomware is designed to take money from inexperienced computer users by encrypting their files, taking them hostage, and then demanding the payment of a ransom.
How the '.thor File Extension' Ransomware may Attack Your Computer
The '.thor File Extension' Ransomware and other recent Locky variants may be transmitted by using corrupted email attachments, which may be delivered via spam email messages. These email messages may use misleading subject lines and messages designed to trick computer users into opening the attached file or clicking on a link embedded into the corrupted email. Doing either of these actions downloads and executes the '.thor File Extension' Ransomware's corrupted file, which will launch and begin encrypting the victim's files. The '.thor File Extension' Ransomware can carry out its encryption on the victim's computer automatically, making its attack particularly difficult to detect or stop while it's ongoing. The '.thor File Extension' Ransomware will encrypt files with the following extensions:
.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt.
Like other ransomware Trojans, the '.thor File Extension' Ransomware is designed to encrypt the victim's files while keeping Windows operational, not targeting system files. This is done so that the '.thor File Extension' Ransomware can deliver a ransom note demanding the payment of its ransom. After completing encryption,and changing the affected files' extensions to '.thor', the '.thor File Extension' Ransomware will drop ransom notes in the form of HTML, image, and text files.
Recovering from a '.thor File Extension' Ransomware Attack
It may not be possible to decrypt the files that have been encrypted by the '.thor File Extension' Ransomware without having access to the decryption key. It is because of this that it is necessary to establish preventive measures before the ransomware attack happens. Malware analysts strongly advise computer users to backup their files regularly and to store them on an external memory device. If your files are backed up properly, then the con artists responsible for the '.thor File Extension' Ransomware will have no leverage to demand a ransom payment from you since it would be relatively easy to recover the files from their backup copies.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.