Tornado Ransomware
The Tornado Ransomware is another generic crypto-threat, which appears to mimic the behavior of the DCRTR Ransomware and the '.twist File Extension' Ransomware. The Tornado Ransomware payload is delivered via phishing emails that urge users to run a corrupted macro, under the pretense that it improves the rendering of a text document. The threat is programmed to encipher user-generated content, and it may cripple database management on entry-level servers. Research on test machines showed that the Tornado Ransomware is designed to encipher common file types associated with Microsoft products, media players, image viewers and open-source office suites. The encrypted files are easy to recognize by the '[
'All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail: helpcrypt@airmail.cc.You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.In case of no answer in 48 hours write us to theese e-mails: supphelp@cock.li
[512 RANDOM CHARACTERS]'
The threat actors are reported to operate the 'helpcrypt@airmail.cc' and the 'supphelp@cock.li' email accounts, which victims are told to contact if they find 'key.txt' on their desktops. At least, that is what the ransomware operators are hoping you will do. We advise against communicating with the 'helpcrypt@airmail.cc' and the 'supphelp@cock.li' email accounts. You can rebuild your data without paying hundreds of dollars to a Bitcoin wallet by booting system recovery disks, loading backups and accessing cloud-based services such as Google Drive, SpiderOak, Mega and Dropbox. It is recommended to clean the infected devices with the help of a respected anti-malware product. The objects created by the Tornado Ransomware are likely to be flagged by AV products under the following names:
- Generic.Ransom.BTCWare.F11B680C
- Trojan-Ransom.FileCoder
- Trojan.Win32.Z.Ransom.224768
- Trojan[Ransom]/Win32.AGeneric
- Uds.Dangerousobject.Multi!c
- Win32.Trojan.Gen.Lkxl
- Win32.Trojan.WisdomEyes.16070401.9500.9995
- a variant of Win32/Filecoder.NPL
- malicious_confidence_90% (W)
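
A triage check for the 'key.txt' note described above, as an added example that is not part of the original write-up: it looks for the note on each profile's desktop and matches the two contact addresses plus a 512-character trailer. The `<users_root>/<profile>/Desktop` layout, UTF-8 decoding, the whitespace-free form of the trailer and the sample notes are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Contact addresses quoted in the ransom note on this page.
CONTACTS = ("helpcrypt@airmail.cc", "supphelp@cock.li")
NOTE_NAME = "key.txt"  # note file name given on this page
# Assumption: the "[512 RANDOM CHARACTERS]" trailer is one whitespace-free run.
ID_BLOCK = re.compile(r"(?<!\S)\S{512}(?!\S)")


def classify_note(text: str) -> dict:
    """Return which Tornado note indicators are present in `text`."""
    lowered = text.lower()
    contacts = [c for c in CONTACTS if c in lowered]
    has_id = bool(ID_BLOCK.search(text))
    # A contact address is required; a 512-character run alone is too generic.
    verdict = "match" if contacts and has_id else "partial" if contacts else "none"
    return {"contacts": contacts, "id_block": has_id, "verdict": verdict}


def scan_desktops(users_root: Path) -> list:
    """Check <users_root>/<profile>/Desktop/key.txt for every profile."""
    hits = []
    for note in sorted(users_root.glob(f"*/Desktop/{NOTE_NAME}")):
        try:
            text = note.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable profile: skip rather than abort the sweep
        result = classify_note(text)
        if result["verdict"] != "none":
            hits.append((note.parent.parent.name, result["verdict"]))
    return hits


def demo() -> list:
    """Build constructed sample profiles in a temp dir and scan them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        samples = {
            "alice": "write us to the e-mail: helpcrypt@airmail.cc\n" + "A" * 512,
            "bob": "license key: 1234-5678",          # benign key.txt
            "carol": "write us to supphelp@cock.li",   # note without ID block
        }
        for user, body in samples.items():
            desktop = root / user / "Desktop"
            desktop.mkdir(parents=True)
            (desktop / NOTE_NAME).write_text(body, encoding="utf-8")
        return scan_desktops(root)
```

A "partial" verdict means a contact address was found without the trailer and is worth a manual look. Desktops redirected to another location are not covered by this path layout.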