'.thor File Extension' Ransomware
Posted: October 26, 2016
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 447 |
| First Seen: | October 26, 2016 |
|---|---|
| Last Seen: | March 16, 2023 |
| OS(es) Affected: | Windows |
The '.thor File Extension' Ransomware is a Trojan with capabilities focusing on blocking your local content via ciphering techniques and dropping messages soliciting money for its decryption. PC owners should protect their files by keeping backups for restoring as needed, and using anti-malware protection when interacting with a known infection vector, such as e-mail attachments. Even after removing the '.thor File Extension' Ransomware, there are no publicly-available methods of decrypting any data that it encodes without charge.
An Idle God's Hand on Your Money
File-encrypting Trojans of 2016 are becoming increasingly known for splitting off into new variations and clones of each other, as well as imitating past threats (such as the Hucky Ransomware's attempt to play itself off as a member of an unrelated family). The '.locky File Extension' Ransomware family, in particular, doesn't seem to be slowing down, and malware researchers are finding new versions daily, including the '.shit File Extension' Ransomware and the '.thor File Extension' Ransomware. This last example uses a campaign that most likely is targeting businesses through e-mails.
The '.thor File Extension' Ransomware's spam-based installers use VisualBasic, JavaScript, and other exploitable platforms for loading a corrupted DLL in Windows. This technique is identical to that of the '.shit File Extension' Ransomware, and can disguise itself with spreadsheets or documents supposedly related to delivery notices or finance reports. The '.thor File Extension' Ransomware targets a set list of file formats, excluding Windows components, and encrypts and renames them, by using a hexadecimal-based pattern and the '.thor' extension for the latter.
If the '.thor File Extension' Ransomware functions as intended, victims can't restore their encrypted content from the now-deleted local backups, which makes paying the '.thor File Extension' Ransomware's ransom the only full recovery option potentially. Other than the Trojan's using a new extension referencing the famous Norse god, malware experts are finding limited technical differences between this threat and other, equally recent versions of the '.locky File Extension' Ransomware (or 'Locky').
Dodging a Digital Thunderbolt
The '.thor File Extension' Ransomware's family is a decryption-resistant group of threats that erase local data that could help you restore any encoded content. In light of this family's continuing prominence, malware experts see no reason to stop encouraging the widespread usage of backups on removable devices and cloud storage servers. Businesses and personal PC owners without access to such content may find themselves unable to save any encrypted data without taking the risk of paying a ransom to the '.thor File Extension' Ransomware's threat actors.
Unsafe documents and downloads are integral parts of the distribution of the '.thor File Extension' Ransomware and similar, file encrypting Trojans. Always give your anti-malware protection opportunities to intercept the '.thor File Extension' Ransomware and threats that could install it and update your security software routinely to guard against recently-emerging threats. Following such simple security protocols is a much more reliable option than attempting to break an asymmetrically-protected cipher.
Regardless of your choices in protecting your digital belongings from a threat, there always will be Trojan authors like the '.thor File Extension' Ransomware's administrators, who view continuing misappropriated profits as nothing less than a divine mandate.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.