
Thunder Ransomware

By GoldSparrow in Ransomware

The Thunder Ransomware Trojan is a generic crypto-threat that was reported on July 17th, 2018. Samples of the Thunder Ransomware Trojan were submitted to an online ransomware platform, and it was later confirmed that the program is based on the Everbe 2.0 Ransomware that emerged a few days earlier. As far as the comparative analysis revealed, there are no major changes to the core functionality or to the way the user's data is encrypted. The Thunder Ransomware is almost identical to the Hyena Locker Ransomware, which belongs to the same family of Trojans. The threat payload is delivered via spam emails, and the small differences in the code suggest that Everbe 2.0 might be operational on the Dark Web as a Ransomware-as-a-Service platform.

The new variant of Everbe appears to encipher standard data formats and append the '[thunderhelp@airmail.cc].thunder' string to filenames. For example, 'Silk Tree—Albizia.jpeg' is renamed to 'Silk Tree—Albizia.jpeg[thunderhelp@airmail.cc].thunder'. Affected PC users are unable to load their content using the native applications on their systems, and a ransom note can be found on their desktops. It is common for threats like Thunder Ransomware to apply an AES cipher to the user-generated files and use a simple text file to promote a decryptor. In this case, the "promotional message" is enclosed in '!=How_recovery_files=!.txt' and reads:

'Hello, dear friend!
1. [ ALL YOUR FILES HAVE BEEN ENCRYPTED! ]
Your files are NOT damaged! Your files are modified only. This modification is reversible. The only 1 way to decrypt your files is to receive the decryption program.
2. [ HOW TO RECOVERY FILES? ]
To receive the decryption program write on our e-mail: thunderhelp@airmail.cc
And in subject write your ID: ID-[redacted 6 hex]
We send you full instruction how to decrypt all your files.
3. [ FREE DECRYPTION! ]
Free decryption as guarantee. We guarantee the receipt of the decryption program after payment. To believe, you can give us up to 3 files that we decrypt for free. Files should not be important to you! (databases, backups, large excel sheets, etc.)'

The team that operates the Thunder Ransomware is not likely to provide free decryption to users in any circumstances. The goal of ransomware campaigns is to lure as many users as possible into paying for decryption. You can prevent third parties from extorting you for money in exchange for a decryptor by using a backup manager. Backup images and cloud-based services like Microsoft's OneDrive can boost your resistance to ransomware. It is best to clean the compromised systems with the help of a reliable anti-malware suite.
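The filename marker and ransom note name described above can be used to scope an incident before restoring from backup. The following triage script is an added example, not part of the original article or any vendor tool; the sample tree and the file names `holiday.jpeg`, `budget.xlsx` and `notes.txt` are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators quoted in the article above.
MARKER = "[thunderhelp@airmail.cc].thunder"
NOTE_NAME = "!=How_recovery_files=!.txt"


def triage(root):
    """Walk root and report files carrying the Thunder marker and ransom notes."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lowered = name.lower()
            if lowered == NOTE_NAME.lower():
                notes.append(path)
            elif lowered.endswith(MARKER) and len(name) > len(MARKER):
                # The marker is appended after the original extension,
                # so stripping it recovers the pre-incident filename.
                encrypted.append((path, name[: -len(MARKER)]))
    # Original extensions show which data types were hit (for restore planning).
    by_ext = Counter(os.path.splitext(o)[1].lower() or "(none)" for _, o in encrypted)
    return {"encrypted": encrypted, "notes": notes, "by_extension": dict(by_ext)}


def build_sample_tree(root):
    """Constructed sample data: empty files named the way the article describes."""
    names = [
        "holiday.jpeg" + MARKER,                       # constructed name
        os.path.join("docs", "budget.xlsx" + MARKER),  # constructed name
        os.path.join("docs", "notes.txt"),             # untouched file
        NOTE_NAME,
    ]
    for rel in names:
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = triage(tmp)
        print(len(report["encrypted"]), "marked files;", len(report["notes"]), "note(s)")
        for ext, count in sorted(report["by_extension"].items()):
            print(f"  {ext}: {count}")
```

Pointing `triage()` at a mounted copy of an affected volume gives the list of original filenames to check against the backup catalogue.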
