TowerWeb Ransomware

By GoldSparrow in Ransomware

The TowerWeb Ransomware is a ransomware Trojan named after the email address that has been associated with it (the TowerWeb at Yandex.com). The TowerWeb Ransomware changes the Desktop image of the infected computer to the infamous Anonymous masked man and asks for $100 USD, an amount considerably less than other threats demand. This image file is named 'Payment_Instructions' and is stored on the victim's desktop. One aspect of the TowerWeb Ransomware that has caught the attention of PC security researchers is that it 'toys' with its victims by making several modifications to their computers. For example, the TowerWeb Ransomware swaps the victim's mouse buttons by running the following command:

'RUNDLL32 USER32.DLL,SwapMouseButton'

The Tower that Needs to be Overthrown Right Away

Apart from these peculiarities, where the TowerWeb Ransomware toys with its victims, it claims to be similar to most ransomware threats. Like most ransomware threats, the TowerWeb Ransomware claims to encrypt its victims' files and then demands the payment of a ransom in exchange for the decryption key. The ransom it demands is lower than that of other threats, a tendency that has been observed in various other threats. The ransom note associated with the TowerWeb Ransomware says:

'............WRITE THIS INFORMATION DOWN............
Ransom Id: ***
BTC Address: ***
Email: the TowerWeb@yandex.com
IF YOU LOOSE THIS INFO YOU WILL NOT BE ABLE TO CONTACT
............WRITE THIS INFORMATION DOWN............
YOU WILL NEED TO USE ANOTHER
DEVICE TO EMAIL US. YOUR
COMPUTER WILL NOT FUNCTION PROPERLY
UNTIL YOU PAY.
Your computer files have been encrypted moved to a hidden ENCRYPTED partition in your computer.
You must pay $100 USD within 24 hours or $150 after 24 hours in Bltcoint to get them back.
After 72 hours all files will be deleted including your operating system.
If you do not have Bitcoin visit www.LocalBitcoins.com to purchase them.
Email us if you need assistance or have paid.
Email: the TowerWeb@yandex.com
In the mean time you will notice your computer will not respond to your commands.
Dont worry... everything will be back to normal when you pay.
Once you pay all your files and programs will be decrypted and your computer restored quickly.
Without the decryption password you will not get them back and your computer will not function properly.
Once payment is received you will get the decryption password and simple instructions to restore all
your files and computer to normal instantly. Takes about five minutes to restore everything to normal.
Once again... after 72 hours all files will be deleted including your operating system.
Email us if you need assistance or have paid.
Email: the TowerWeb@yandex.com
The same information is on your desktop.
DO NOT LOOSE THE CONTACT INFO
HINT: IF YOU CANT CLICK ON ANYTHING YOUR
MOUSE BUTTONS HAVE ALREADY BEEN REVERSED.
MORE CHANGES WILL COME UNTIL YOU PAY.'

Apart from the changes to the mouse buttons, the TowerWeb Ransomware will cause the affected computer to reboot repeatedly, making it especially irritating. It is possible to stop the TowerWeb Ransomware's reboot and shutdown by opening a terminal and executing the following command:

'shutdown -a'

The TowerWeb Ransomware deletes files in the user's profile and empties the Recycle Bin. Unlike other encryption ransomware threats, the TowerWeb Ransomware does not use encryption and instead deletes the victim's files. Because of this, paying the ransom is completely useless. The TowerWeb Ransomware is similar to screen lockers and similar threats, which used to be some of the most popular ransomware threats before encryption ransomware Trojans took their place.
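The mouse-button swap and the scheduled reboot described above both leave process command lines that endpoint logging can catch. The following is an added example, not part of the original article: it assumes process-creation events reduced to (host, command line) pairs, assumes the reboot is scheduled through shutdown.exe (the article only says that 'shutdown -a' cancels it), and uses constructed sample events and the hypothetical function names `classify` and `triage`.

```python
import re
from collections import defaultdict

# rundll32 + user32.dll + SwapMouseButton, tolerating full paths, quotes, omitted
# ".exe"/".dll" suffixes, and a comma or whitespace before the export name.
SWAP_RE = re.compile(
    r'\brundll32(?:\.exe)?"?\s+"?(?:[^\s"]*\\)?user32(?:\.dll)?"?[\s,]+SwapMouseButton\b',
    re.IGNORECASE)
# Assumption (not stated in the article): the reboot is scheduled with shutdown.exe.
SHUTDOWN_RE = re.compile(r'\bshutdown(?:\.exe)?"?((?:\s+\S+)*)\s*$', re.IGNORECASE)
SWITCH_RE = re.compile(r'(?:^|\s)[/-]([a-z])\b', re.IGNORECASE)

def classify(cmdline):
    """Tag one process command line, or return None if it is not of interest."""
    if SWAP_RE.search(cmdline):
        return "mouse-swap"
    m = SHUTDOWN_RE.search(cmdline)
    if m:
        switches = {s.lower() for s in SWITCH_RE.findall(m.group(1))}
        if "a" in switches:
            return "shutdown-abort"      # the remedy from the article, not the threat
        if switches & {"r", "s", "g", "p"}:
            return "shutdown-scheduled"  # restart / shutdown / power-off variants
    return None

def triage(events):
    """Report hosts where the swap ran; 'high' if a shutdown was scheduled as well."""
    tags = defaultdict(set)
    for host, cmdline in events:
        tag = classify(cmdline)
        if tag:
            tags[host].add(tag)
    # A shutdown on its own is routine administration, so it is never reported alone.
    return {host: "high" if "shutdown-scheduled" in seen else "medium"
            for host, seen in tags.items() if "mouse-swap" in seen}

# Constructed process-creation events: (host, command line).
SAMPLE_EVENTS = [
    ("PC-01", "RUNDLL32 USER32.DLL,SwapMouseButton"),
    ("PC-01", r"C:\Windows\System32\shutdown.exe /r /f /t 30"),
    ("PC-01", "shutdown -a"),
    ("PC-02", r'"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\user32.dll",SwapMouseButton'),
    ("PC-03", "shutdown /r /t 0"),                                   # patch reboot only
    ("PC-04", r"rundll32.exe shell32.dll,Control_RunDLL main.cpl"),  # Mouse control panel
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

Hosts that only schedule a shutdown, or that only open the Mouse control panel through rundll32, are not reported.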

How the TowerWeb Ransomware may Enter a Computer

The TowerWeb Ransomware may be distributed using corrupted email messages. PC security analysts have associated 'legal' email messages with the TowerWeb Ransomware especially. These corrupted email messages will seem to have been sent by an attorney of some sort, and may contain convoluted legal language and confusing content to trick inexperienced computer users into believing that the email was sent from a reliable source. These emails should be ignored, and computer users should never open unsolicited email attachments to prevent the TowerWeb Ransomware attacks and other infections.
