
'Tors@tuta.io' Ransomware

Posted: July 17, 2020

The 'Tors@tuta.io' Ransomware is a file-locking Trojan and a member of the Globe Imposter Ransomware family, which mimics the Globe Ransomware. An infection can encrypt the media on a computer, including documents, music and pictures, and hold them for ransom. Users should keep secure backups of their files and let trusted anti-malware solutions remove the 'Tors@tuta.io' Ransomware for their computers' safety.

The Imposter Comes Back for Another Swing at Someone's Files

Arriving disguised as a database management service, the 'Tors@tuta.io' Ransomware is further evidence that the Globe Imposter Ransomware is still operating as a Ransomware-as-a-Service throughout the current year. The threat fails most of its attempts at evading detection by cyber-security products, a sign of the family's relative stagnation next to the competition. Although this weakness is good news for potential victims, allowing a 'Tors@tuta.io' Ransomware infection to happen in the first place still spells trouble, and data loss.

The 'Tors@tuta.io' Ransomware targets Windows PCs and stays beneath suspicion by running under the name 'sql_service,' which resembles the database services found on nearly every server. The Trojan's behavior is similar to that of other relatives inside the family, such as the Erenahen Ransomware, the Horriblemorning Ransomware, the 'ponce.lorena@aol.com' Ransomware and the Taargo Ransomware. After compromising the Windows environment, it launches the following attacks:

  • The 'Tors@tuta.io' Ransomware locks media on the user's computer with AES-256, a standard choice for file-locking Trojans. Files that may suffer from the attack include everything from text and documents to pictures, audio or even archives.
  • The 'Tors@tuta.io' Ransomware marks the files it locks by inserting its e-mail address, in brackets, into their names, so the victim can see which files will no longer open. Most file-locker Trojans also append a further extension, but malware experts can't verify one for this variant currently.
  • The 'Tors@tuta.io' Ransomware also creates a pop-up that imitates the ransom message of the Globe Ransomware family. As usual, the Trojan refers the victim to a free e-mail service for negotiations over the unlocker or decryptor. Victims should avoid paying, since the transaction carries several risks, including the files not being unlocked as promised.
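The two host-level artifacts the article names, the 'sql_service' service name and the bracketed e-mail address in file names, can be checked directly on a suspect machine. The PowerShell script below is an added triage example, not code from the original article or from the Trojan's authors. It assumes a Windows host with PowerShell 5.1 or later, takes the directories to scan as a parameter, and treats a service binary path under the 'Microsoft SQL Server' install tree as an assumed heuristic for a legitimate SQL service; that heuristic is not a rule stated in the article. Because the article cannot confirm a trailing extension for this variant, the script groups hits by whatever follows the marker instead of assuming a fixed suffix.

```powershell
# Added triage example (not from the original article). Assumptions: Windows host,
# PowerShell 5.1+, and the 'Microsoft SQL Server' path heuristic below.
param(
    [string[]]$ScanRoots = @("$env:USERPROFILE\Documents", "$env:USERPROFILE\Pictures"),
    [string]$Marker = '[Tors@tuta.io]'   # bracketed e-mail address reported by the article
)

# Returns what follows the marker in a file name: '' when the marker is the last
# thing in the name, '.ext' when a further extension was appended, $null if absent.
function Get-MarkerSuffix {
    param([string]$Name, [string]$Marker)
    $i = $Name.IndexOf($Marker)
    if ($i -lt 0) { return $null }
    return $Name.Substring($i + $Marker.Length)
}

# 1. Service masquerade check. The Trojan registers itself as 'sql_service'; a real
#    SQL Server service runs from the Microsoft SQL Server install tree (assumption).
$services = Get-CimInstance Win32_Service | Where-Object {
    $_.Name -like '*sql_service*' -or $_.DisplayName -like '*sql_service*'
}
foreach ($svc in $services) {
    $looksLegit = $svc.PathName -match '\\Microsoft SQL Server\\'
    [pscustomobject]@{
        Check   = 'Service'
        Name    = $svc.Name
        State   = $svc.State
        Account = $svc.StartName
        Path    = $svc.PathName
        Verdict = if ($looksLegit) { 'review: path under SQL Server tree' }
                  else { 'SUSPICIOUS: sql_service outside SQL Server tree' }
    }
}

# 2. Encrypted-file inventory. Match the bracketed marker anywhere in the name so a
#    trailing extension, if the variant adds one, does not cause misses.
$hits = foreach ($root in $ScanRoots) {
    if (Test-Path -LiteralPath $root) {
        Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Name.Contains($Marker) }
    }
}
$hits = @($hits)

# Summary: how many files carry the marker and the time window in which they were
# written, which brackets when the encryption ran on this host.
$ordered = $hits | Sort-Object LastWriteTime
[pscustomobject]@{
    Check       = 'Files'
    MarkerHits  = $hits.Count
    EarliestHit = if ($hits.Count) { $ordered[0].LastWriteTime } else { $null }
    LatestHit   = if ($hits.Count) { $ordered[-1].LastWriteTime } else { $null }
}

# Breakdown by whatever follows the marker, so the analyst observes the trailing
# extension (or its absence) rather than assuming one.
$hits | Group-Object -Property { Get-MarkerSuffix -Name $_.Name -Marker $Marker } |
    Sort-Object Count -Descending |
    Select-Object @{ n = 'AfterMarker'; e = { if ($_.Name) { $_.Name } else { '(none)' } } }, Count
```

Run it from an elevated prompt on the suspect host, passing additional roots (file shares, database directories) with `-ScanRoots`. A service flagged as suspicious should be confirmed by hashing the binary at its path and checking its signer before it is disabled or removed, since the name match alone is only an indicator.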

Since the threat actor's motive is to make money by selling users' files back to them, any victim can defend themselves simply by keeping a reasonably protected backup on a device that this Trojan can't encrypt (or delete, in some cases).

Taking Out Trojans Instead of Meeting Their Demands

The SQL service disguise makes the 'Tors@tuta.io' Ransomware particularly well suited to victimizing unprotected servers, such as those running software with public vulnerabilities or using passwords weak enough to fall to brute-force attacks. Typically, file-locking Trojans acquire victims opportunistically, which opens the possibility of the 'Tors@tuta.io' Ransomware's reaching random users through e-mail spam, torrents, or Exploit Kits peddling fake software updates through Web advertisements. Windows users are most at risk from attacks by the 'Tors@tuta.io' Ransomware and other Trojans of this category.

Disabling features such as macros, Flash, JavaScript and Java reduces exposure to the vulnerabilities that exploit them. Installing security patches additionally removes many exploit possibilities from the hands of attackers. Malware analysts also encourage using strong, unique passwords in all circumstances and avoiding illegal downloads like pirated movies or premium software cracks.

Users can test freeware decryption solutions for the Globe Imposter Ransomware family. However, most victims will need backups for a full recovery and anti-malware products for uninstalling the 'Tors@tuta.io' Ransomware from any infected PCs.

The 'Tors@tuta.io' Ransomware's family struggles to keep up with the sheer numbers of alternatives like the STOP Ransomware. Regrettably, this failing member of the group is nowhere close to being a cheap way out for any users who find themselves infected, against the odds.
