Tomas Ransomware

The Tomas Ransomware is a threatening program that encrypts files on infected computers and demands a ransom in exchange for a decryption key. An infection with this ransomware can be recognized easily as the malware has a strict pattern for renaming the affected files. All data locked up by the Tomas Ransomware will have the '.tomas' extension. In addition, a unique ID for each infected system and the attackers' contact e-mail address are added to the original name of the file.

The Ransom Note

Once the Tomas Ransomware finishes the encryption process, it creates a file named 'readme-warning.txt,' which contains the ransom message. In the ransom note, the attackers state that victims should not try to recover encrypted files as that may lead to their permanent loss. As typical in such cases, they also offer to unlock one file for free. The Tomas Ransomware note does not mention any particular amount of ransom; it only gives the e-mail addresses where victims should contact the malware creators: tomasrich2020@aol.com and tomasrich2020@protonmail.com.

How the Tomas Ransomware Spreads

Ransomware typically spreads through infected e-mail attachments, which the attackers mask as essential documents to trick potential victims into opening them. Such spam e-mails also may contain corrupted links that install malware when clicked. Another source of the Tomas Ransomware infection is torrent websites where naïve users download cracked software copies or fake updates. Unfortunately, in most cases, the data encrypted by ransomware can be recovered only from backups.