Todar Ransomware
Malware experts have spotted a new ransomware threat emerging recently. This data-encrypting Trojan is named Todar Ransomware and appears to be a variant of the popular STOP Ransomware.
Propagation and Encryption
It is not yet clear what infection vectors are being employed in the propagation of the Todar Ransomware. However, some researchers believe that the creators of the Todar Ransomware may be using some of the most common methods of spreading ransomware threats – fake pirated variants of popular applications, bogus software updates, and spam emails containing infected attachments. Whatever method is employed, the end goal of the Todar Ransomware is one – to infiltrate your PC. Once this is done, this ransomware threat will launch a scan that is used to determine the location of the files, which will be targeted for encryption. Then, the Todar Ransomware will use an encryption algorithm to lock the data targeted. Once this ransomware threat locks a file, it amends its filename by adding an extension ‘.todar.’ This means that an audio file that was called ‘mermaid-song.mp3’ will have its name altered to ‘mermaid-song.mp3.todar.’
The Ransom Note
In the next step of the attack, the Todar Ransomware will drop its ransom note that is called ‘_readme.txt’ which complies with the standard of most STOP Ransomware variants, which have identical names of their ransom notes. The note states:
’ATTENTION!
Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-WbgTMF1Jmw
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
gorentos@bitmessage.ch
Reserve e-mail address to contact us:
varasto@firemail.cc
Our Telegram account:
@datarestore
Mark Data Restore
Your personal ID:’
As you can see, the authors of the Todar Ransomware demand $980 as a ransom fee. However, they offer a 50% discount if the victim pays within 72 hours, knocking down the price to $490. They provide two email addresses for contact – ‘gorentos@bitmessage.ch’ and ‘varasto@firemail.cc.’ For the users that prefer Telegram as a way to get in touch, they give out their Telegram contact details too - @datarestore.
We recommend you to stay away from cyber crooks at all costs. It is not worth trying to reason with individuals that lack scruples and are willing to trick innocent users. Instead, make sure you remove the Todar Ransomware from your system using a reputable anti-malware application. Also, make sure you update the anti-virus tool you install regularly so that you are guaranteed maximum security.
