ThunderX Ransomware
The ThunderX Ransomware is a unique ransomware threat that has not been placed as a part of any previously existing ransomware family yet. Nevertheless, it follows the typical ransomware behavior with little deviation - it uses cryptographical algorithms to encrypt the most popular filetypes, rendering them inaccessible and unusable. Then, ThunderX Ransomware attempts to extort its victims in exchange for the restoration of the affected files.
The most obvious sign that the ThunderX Ransomware has infiltrated your computer is if out of nowhere, all of your files have '.tx_locked' appended to their names as a new extension. The ransom note left by the hackers is dropped as a text file named 'readme.txt.' The file containing the ransom note can be found in every folder with encrypted files.
The hackers warn that the ThunderX Ransomware has the capability to either outright delete or format the default backups of the affected files. Victims are left with two email addresses that they are supposed to use to contact the cybercriminals. The emails are deloneThunder@protonmail.com and ThunderBirdXeX@cock.li. Up to 3 files can be sent for free decryption as a demonstration that the locked data can indeed be restored. The ransom note contains a unique key and victim's ID for each compromised system and both must be included in the email message.
Contacting the criminals behind any ransomware threat, the ThunderX Ransomware is not an exception, is a risky option that could leave the affected users in even bigger troubles.
The full text of the note used by ThunderX Ransomware is:
'Attention! Your network has been locked by ThunderX
Your computers and server are encrypted
For this server all encrypted files have extension: .tx_locked
Follow our instructions below and you will recover all your data
----
You cant open or work with files while it encrypted - we use strongest encryption algorithms
All backups are deleted or formatted, do not worry, we can help you restore your files
The only way to return your files back - contact us and receive decryption program.
Do not worry about guarantees - you can decrypt any 3 files FOR FREE as guarantee
----
Contact us: deloneThunder@protonmail.com or ThunderBirdXeX@cock.li
And attach in first letter this file or just send all info below (copy all info!):
key: -
personal id: -'
