ThunderX Ransomware
The ThunderX Ransomware is a file-locker Trojan without ties to any famous families or Ransomware-as-a-Services. The ThunderX Ransomware can block the user's files with its encryption, delete local Windows backups, and create additional files related to the ransoming service. Users with other backups are immune to this extortion attempt virtually, and anti-malware programs can block or remove the ThunderX Ransomware from infected PCs.
Thunder Coming from a Mysterious Source
Between the many families of file-locking Trojans, individual equivalents are no less hostile to users' files. Although one might look at the ThunderX Ransomware and mistake it for a Dharma Ransomware member or a Hidden Tear remix, it's an independent threat. This new entry into the threat landscape targets business entities' networks with the long-standardized encryption plan and extortion.
The ThunderX Ransomware is compatible with modern versions of Windows, and malware experts see no samples dating earlier than late August of 2020. The Trojan encrypts media files on infected systems for blocking them, appends pseudo-extensions to their names (a generic '_locked' string), and creates a ransom note and ID file in the same folders. The encryption's security is unknown and may or may not be vulnerable to third-party decryption for recovering data.
The ThunderX Ransomware identifies itself in its ransom note and addresses the victim, assuming that the target is a network. Otherwise, it's very similar to a Ransomware-as-a-Service and includes a free demonstration of the unlocking service. It has no details on its ransom, which might be a ploy for bargaining leverage on the threat actor's part.
Sheltering Files from the Worst of Weather
Users should beware of depending too much on the Restore Points and local backups for their defenses. The ThunderX Ransomware, like nearly every other file-locking Trojan, will make an effort to delete the Shadow Volume Copies that the Restore Points require for recovery. Offsite backups on cloud services, NAS, and detachable devices are far preferable.
Due to its current demographics, malware researchers recommend that Windows users watch most carefully over the infection techniques that tend towards business entities, government offices, and NGOs. E-mail is one often-abused method, with attackers hiding their Trojan-installing exploits inside of attached documents like invoices. Brute-force or dictionary attacks are other possibilities. Administrators should monitor passwords for possible vulnerabilities and be prompt about updating the software associated with their servers.
Far more anti-malware utilities than not will delete the ThunderX Ransomware, which has no certificates or any significant code-obfuscating properties. This removal method is preferable for most circumstances, and such tools being powerful for stopping drive-by-download attacks.
There's room for smaller threat actors, too, just as any ecosystem includes insects alongside mammalian and reptilian predators. The ThunderX Ransomware is proof positive of it, and another notice that a backup is priceless.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.