Skip to content ↓ | Skip to navigation ↓

A new ransomware threat is on the loose, and users better be prepared for it in case it comes knocking on their door. And it’s not the Locky Virus this time!

This latest malicious variant goes under the name of ThunderCrypt Virus File Ransomware. For now, it has mainly been infecting users in different Asian countries but if history is any indication, it would soon be a global event.

This threat uses a hybrid RSA-2048 encryption code, which is actually based on a cryptosystem initially designed to protect data and secure its transmission. However, in this case, the virus uses it to block the victims’ access to their own files and then blackmail them for money, as explained in the appropriately named “We have encrypted all your personal files” ransom note.

The amount that it asks for, once it makes it presence known, is exactly 0.345 bitcoins, which is roughly $500.

Users typically get infected by the same means as most ransomware viruses are distributed. The most common means of distribution are still the good old spam emails that contain malicious attachments in various formats. It could be a .zip, .exe, .doc, or other similar file.

As soon as you download it, it will run the malicious script and Thunder Crypt File Virus will begin encrypting your most precious files one by one. After this, it will inform you of the process by displaying a notification on your screen with the ransom amount and details on how to transfer payment. The bad thing is that even if you have a working antivirus system installed, it will most likely fail to detect the virus and prevent it from causing further damage.

If you have found yourself among the victims of this ransomware variant, we advise you not to comply with the demands of the criminals behind it. For one, there’s no guarantee that you will indeed receive the necessary decryption key. And for another, you will be sponsoring the criminal scheme of these blackmailers, helping to ensure that they won’t get caught.

What we can advise you to do is seek for a professional removal guide that will help you delete the ThunderCrypt Virus and try to restore your files from system backups. Better yet, if you have copies stored on separate drives, then you’ve got nothing to worry about at all.

And as for those who’ve not been infected, this is a valuable piece of advice to arm yourself with. Be sure to regularly back up your most important files and keep them on separate drives as insurance in case of a ransomware attack.

You would also do well to treat all spam messages with suspicion and not open them or their attachments unless you are 100% sure you can trust them.

Check regularly for more security news and tips!


daniel sadakovAbout the Author: Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.