'.thor File Extension' Ransomware DescriptionType: Ransomware
PC security researchers have uncovered several variants of the Locky ransomware Trojan in October of 2016. The '.thor File Extension' Ransomware is one of these variants. Along with variants that use extensions such as '.perl' or '.shit,' the '.thor File Extension' Ransomware is designed to encrypt all of the victim's files and then demand the payment of a ransom, using an attack that is nearly identical to the infamous Locky Ransomware Trojan that has already been around for a while. This increased incidence of Locky variants may indicate a new development in ransomware distribution, such as a RaaS (Ransomware as a Service), which uses Locky variants in its attacks. The '.thor File Extension' Ransomware is designed to take money from inexperienced computer users by encrypting their files, taking them hostage, and then demanding the payment of a ransom.
How the '.thor File Extension' Ransomware may Attack Your Computer
The '.thor File Extension' Ransomware and other recent Locky variants may be transmitted by using corrupted email attachments, which may be delivered via spam email messages. These email messages may use misleading subject lines and messages designed to trick computer users into opening the attached file or clicking on a link embedded into the corrupted email. Doing either of these actions downloads and executes the '.thor File Extension' Ransomware's corrupted file, which will launch and begin encrypting the victim's files. The '.thor File Extension' Ransomware can carry out its encryption on the victim's computer automatically, making its attack particularly difficult to detect or stop while it's ongoing. The '.thor File Extension' Ransomware will encrypt files with the following extensions:
.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt.
Like other ransomware Trojans, the '.thor File Extension' Ransomware is designed to encrypt the victim's files while keeping Windows operational, not targeting system files. This is done so that the '.thor File Extension' Ransomware can deliver a ransom note demanding the payment of its ransom. After completing encryption,and changing the affected files' extensions to '.thor', the '.thor File Extension' Ransomware will drop ransom notes in the form of HTML, image, and text files.
Recovering from a '.thor File Extension' Ransomware Attack
It may not be possible to decrypt the files that have been encrypted by the '.thor File Extension' Ransomware without having access to the decryption key. It is because of this that it is necessary to establish preventive measures before the ransomware attack happens. Malware analysts strongly advise computer users to backup their files regularly and to store them on an external memory device. If your files are backed up properly, then the con artists responsible for the '.thor File Extension' Ransomware will have no leverage to demand a ransom payment from you since it would be relatively easy to recover the files from their backup copies.
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.