Home Malware Programs Ransomware '.thor File Extension' Ransomware

'.thor File Extension' Ransomware

Posted: October 26, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 447
First Seen: October 26, 2016
Last Seen: March 16, 2023
OS(es) Affected: Windows

The '.thor File Extension' Ransomware is a Trojan with capabilities focusing on blocking your local content via ciphering techniques and dropping messages soliciting money for its decryption. PC owners should protect their files by keeping backups for restoring as needed, and using anti-malware protection when interacting with a known infection vector, such as e-mail attachments. Even after removing the '.thor File Extension' Ransomware, there are no publicly-available methods of decrypting any data that it encodes without charge.

An Idle God's Hand on Your Money

File-encrypting Trojans of 2016 are becoming increasingly known for splitting off into new variations and clones of each other, as well as imitating past threats (such as the Hucky Ransomware's attempt to play itself off as a member of an unrelated family). The '.locky File Extension' Ransomware family, in particular, doesn't seem to be slowing down, and malware researchers are finding new versions daily, including the '.shit File Extension' Ransomware and the '.thor File Extension' Ransomware. This last example uses a campaign that most likely is targeting businesses through e-mails.

The '.thor File Extension' Ransomware's spam-based installers use VisualBasic, JavaScript, and other exploitable platforms for loading a corrupted DLL in Windows. This technique is identical to that of the '.shit File Extension' Ransomware, and can disguise itself with spreadsheets or documents supposedly related to delivery notices or finance reports. The '.thor File Extension' Ransomware targets a set list of file formats, excluding Windows components, and encrypts and renames them, by using a hexadecimal-based pattern and the '.thor' extension for the latter.

If the '.thor File Extension' Ransomware functions as intended, victims can't restore their encrypted content from the now-deleted local backups, which makes paying the '.thor File Extension' Ransomware's ransom the only full recovery option potentially. Other than the Trojan's using a new extension referencing the famous Norse god, malware experts are finding limited technical differences between this threat and other, equally recent versions of the '.locky File Extension' Ransomware (or 'Locky').

Dodging a Digital Thunderbolt

The '.thor File Extension' Ransomware's family is a decryption-resistant group of threats that erase local data that could help you restore any encoded content. In light of this family's continuing prominence, malware experts see no reason to stop encouraging the widespread usage of backups on removable devices and cloud storage servers. Businesses and personal PC owners without access to such content may find themselves unable to save any encrypted data without taking the risk of paying a ransom to the '.thor File Extension' Ransomware's threat actors.

Unsafe documents and downloads are integral parts of the distribution of the '.thor File Extension' Ransomware and similar, file encrypting Trojans. Always give your anti-malware protection opportunities to intercept the '.thor File Extension' Ransomware and threats that could install it and update your security software routinely to guard against recently-emerging threats. Following such simple security protocols is a much more reliable option than attempting to break an asymmetrically-protected cipher.

Regardless of your choices in protecting your digital belongings from a threat, there always will be Trojan authors like the '.thor File Extension' Ransomware's administrators, who view continuing misappropriated profits as nothing less than a divine mandate.

Loading...