THT Ransomware Description
The THT Ransomware is an encryption ransomware Trojan that has been used in large and medium-sized ransomware campaigns. Judging from its source code, the THT Ransomware seems to have been produced by Romanian speakers. The THT Ransomware attacks were reported in the final week of June 2018. Like many other ransomware Trojans that have been systematically attacking computer users, the THT Ransomware takes the victim's files hostage by encrypting them with a strong encryption algorithm. The attacks seem to have been carried out by taking advantage of poorly protected Remote Desktop access, and they targeted large servers. Fortunately, the THT Ransomware has been causing minimal damage because victims have had backup images of the targeted computers, which makes a strong case for file backups and backup images as a primary way of protecting data from attacks like the THT Ransomware.
How the THT Ransomware Attacks a Machine
There is very little to differentiate the THT Ransomware from the countless encryption ransomware threats currently being used to extort computer users. Its attack follows the same modus operandi as other threats: it uses AES-256 encryption to make the victims' files inaccessible. The THT Ransomware targets user-generated files, which may include files with the following extensions:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
The THT Ransomware's Ransom Demand
The THT Ransomware will deliver a text note in the form of a TXT file dropped on the infected computer's desktop. The message in the THT Ransomware's ransom note reads:
'Hello. Sorry, your company's server hard drive was encrypted by us.
We use the most complex encryption algorithm (AES256). Only we can decrypt.
Please contact us: TimisoaraHackerTeam@protonmail.com (Please check spam, Avoid missing mail)
Identification code: [random characters] (Please tell us the identification code)
Ransom: Please pay 10 bitcoins. After the payment is successful, we will tell the Password.
(If the contact is fast, we will give you a discount.)
In order for you to believe in us, we have prepared the test server. Please contact us and we will tell the test server and decrypt the password.
How to buy and pay for Bitcoin:
Or you can google search "How to buy Bitcoin"
If you know other trading websites better.
We are a professional hacker team, not a virus. We only take directional attacks. We know everything about your company. If you refuse to pay, we will disclose important documents that we have (file, email, contracts and many more).
We are a reputable organization and definitely not a liar. Our business covers more than 20 countries around the world. There are hundreds of companies that have successfully unlocked.'
It is clear that the criminals responsible for the THT Ransomware have large targets in mind, considering the large Bitcoin ransom demanded, equivalent to approximately 60,000 USD. Computer users should not communicate with the criminals or negotiate for the decryption key. Instead, computer users and businesses targeted by the THT Ransomware should have file backups or backup server images so that they can restore any data the THT Ransomware has compromised without contacting the criminals, who are very unlikely to assist even if the ransom is paid.
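The following added example (not part of the original article) shows how a responder could sweep a restored image or file share for the ransom note described above: it scores `.txt` files against strings quoted from the note and pulls out the identification code. The weights, threshold, size limit, file names and the placeholder code `EXAMPLE-ID-0000` are assumptions of this example.

```python
import re
import tempfile
from pathlib import Path

# Indicators come from the ransom note quoted on this page.
# Weights, THRESHOLD and MAX_BYTES are assumptions made for this example.
INDICATORS = {
    "contact_email": (re.compile(r"TimisoaraHackerTeam@protonmail\.com", re.I), 3),
    "id_code_line": (re.compile(r"^Identification code:", re.I | re.M), 2),
    "ransom_demand": (re.compile(r"pay\s+\d+\s+bitcoins?", re.I), 2),
}
ID_CODE = re.compile(r"^Identification code:\s*(\S+)", re.I | re.M)
THRESHOLD = 4
MAX_BYTES = 64 * 1024  # ransom notes are short; never read huge files in full

# Constructed sample input: note text with a placeholder identification code.
SAMPLE_NOTE = (
    "Please contact us: TimisoaraHackerTeam@protonmail.com\r\n"
    "Identification code: EXAMPLE-ID-0000 (Please tell us the identification code)\r\n"
    "Ransom: Please pay 10 bitcoins.\r\n"
)

def score_note(text):
    """Return (score, matched indicator names, identification code or None)."""
    hits = [name for name, (rx, _) in INDICATORS.items() if rx.search(text)]
    code = ID_CODE.search(text)
    return sum(INDICATORS[n][1] for n in hits), hits, code.group(1) if code else None

def find_notes(root):
    """Walk root; return a finding for each .txt file scoring >= THRESHOLD."""
    findings = []
    for path in sorted(Path(root).rglob("*.txt")):
        try:
            with path.open("rb") as fh:
                raw = fh.read(MAX_BYTES)
        except OSError:
            continue  # locked or unreadable file
        # Text files saved on Windows may be UTF-16; detect it by the BOM.
        enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8"
        score, hits, code = score_note(raw.decode(enc, errors="replace"))
        if score >= THRESHOLD:
            findings.append({"path": path, "score": score, "hits": hits, "id_code": code})
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed files, deleted on exit
        Path(tmp, "README.txt").write_text(SAMPLE_NOTE, encoding="utf-16")
        Path(tmp, "notes.txt").write_text("Reminder: how to pay 2 bitcoins")
        print(find_notes(tmp))
```

A single weak match, such as a document that merely mentions paying in bitcoins, stays below the threshold, so only files combining several of the note's strings are reported.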