'Tors@tuta.io' Ransomware

'Tors@tuta.io' Ransomware is a new file-locker that was spotted in the wild. Data-encrypting Trojans, like the 'Tors@tuta.io' Ransomware, allow their creators to generate revenue by blackmailing their victims into paying a ransom fee. This file-locker is a variant of the GlobeImposter Ransomware.

Propagation and Encryption

Threats like the 'Tors@tuta.io' Ransomware are typically distributed via phishing emails. The emails often include a malicious link or a bogus attachment, which carries the payload of the malware. Among other commonly used propagation methods are malicious advertisements, fraudulent social media posts, bogus application downloads, torrent trackers, etc. The 'Tors@tuta.io' Ransomware would compromise your computer and look for files, which match its criteria. File-lockers like the 'Tors@tuta.io' Ransomware are programmed to target documents, images, spreadsheets, audio files, presentations, videos, databases, archives, and many other filetypes. The goal of most ransomware threats is to lock as many files as possible in order to increase the chances of the user paying the fee demanded by the attackers. The encrypted files would have altered names. This is because the 'Tors@tuta.io' Ransomware appends a '.[TorS@Tuta.Io]' extension. For example, a file named 'white-cat.mp4' will be renamed to 'white-cat.mp4.[TorS@Tuta.Io].'

The Ransom Note

After encrypting your data, the 'Tors@tuta.io' Ransomware drops a file named 'Help decrypt.hta.' In the ransom note, the attackers ask to be paid a decryption fee in Bitcoin. However, the specific sum is not clarified. The creators of the 'Tors@tuta.io' Ransomware offer to decrypt up to three files for free, as long as they do not exceed 5MB in size and do not contain important data. The attackers include instructions on how to obtain Bitcoin. The contact details of the cyber crooks behind the 'Tors@tuta.io' Ransomware are ‘ToRs@TuTa.Io' and ‘torsed@protonmail.ch.'

It is not recommended to try and get in touch with the attackers. Instead, you should consider investing in a reputable, genuine anti-virus solution that will help you remove the 'Tors@tuta.io' Ransomware from your PC safely.