TOR Ransomware

It appears that the Dharma Ransomware family is maintaining its position as one of the top choices among cybercriminals when it comes to developing new ransomware threats. One of the latest variants based on Dharma is the TOR Ransomware. The threat aims to sneak itself onto users' computers and then initiate an encryption process that will lock most of the data stored there. The consequences could be devastating, with the affected users losing access to nearly all of their personal or business-related files.

The TOR Ransomware follows the established naming pattern observed in most Dharma variants. Each encrypted file will have a string representing the unique ID assigned to the victim appended to its original name. Next, the threat will add an email address under the control of its operators, before finally slapping '.TOR' on as a new file extension. Victims will be provided with two ransom notes: the main one will be displayed in a pop-up window, while a secondary message will be contained inside a text file named 'FILES ENCRYPTED.txt'.
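For incident scoping, the naming pattern above can be turned into a triage pass over a file listing. This is an added example, not code from the original entry; the `.id-` prefix and the square brackets around the email are assumed from the usual Dharma layout, the names `triage` and `SAMPLE` are hypothetical, and the sample paths are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumed layout (usual for Dharma variants; the page gives the order of the
# parts but not the delimiters): <name>.id-<victim ID>.[<email>].TOR
ENCRYPTED_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z]+)"
    r"\.\[(?P<email>[^\[\]@\s]+@[^\[\]@\s]+)\]\.TOR$",
    re.IGNORECASE,
)
RANSOM_NOTE = "files encrypted.txt"  # note name from the page, lower-cased
# Contact addresses quoted in the ransom notes on this page.
KNOWN_CONTACTS = {"todecrypt@disroot.org", "todecrypt@onionmail.org"}


def triage(paths):
    """Classify Windows paths from a file listing; summarise the footprint."""
    report = {"encrypted": [], "notes": [], "victim_ids": Counter(),
              "other_contacts": set()}
    for raw in paths:
        name = PureWindowsPath(raw).name
        if name.lower() == RANSOM_NOTE:
            report["notes"].append(raw)
            continue
        m = ENCRYPTED_RE.match(name)
        if not m:
            continue  # untouched file, or a name that merely ends in .tor
        victim_id, email = m["victim_id"].upper(), m["email"].lower()
        report["encrypted"].append({"path": raw, "original_name": m["original"],
                                    "victim_id": victim_id, "email": email})
        report["victim_ids"][victim_id] += 1
        if email not in KNOWN_CONTACTS:
            report["other_contacts"].add(email)
    return report


# Constructed sample listing: paths and the ID 1A2B3C4D are made up.
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.id-1A2B3C4D.[todecrypt@disroot.org].TOR",
    r"C:\Users\alice\Desktop\FILES ENCRYPTED.txt",
    r"C:\Users\alice\Pictures\trip.jpg",
    r"D:\share\notes.tor",
    r"D:\share\plan.docx.id-1a2b3c4d.[todecrypt@onionmail.org].tor",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

More than one victim ID in the result, or a contact address outside the two listed on this page, suggests a separate infection or a different Dharma variant and is worth scoping on its own.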

Details of the Ransom Messages

The pop-up window generated by the TOR Ransomware states that victims can restore their files, but only if they meet the demands of the hackers. None of the important details, such as the amount of the ransom, is mentioned in the note. For more details, users are directed to contact two email addresses: todecrypt@disroot.org or todecrypt@onionmail.org. The rest of the pop-up window is taken up by a section listing several warnings. The text file, on the other hand, contains just a couple of brief sentences that reiterate that victims should initiate contact via the two emails of the hackers.

The full text of the message in the pop-up window is:

'YOUR FILES ARE ENCRYPTED

Don't worry,you can return all your files!
If you want to restore them, follow this link:email todecrypt@disroot.org YOUR ID -
If you have not been answered via the link within 12 hours, write to us by e-mail:todecrypt@onionmail.org

Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

The text file contains the following instructions:

'all your data has been locked us
You want to return?
write email todecrypt@disroot.org or todecrypt@onionmail.org'
