Thunder Ransomware

The Thunder Ransomware is a variant of Everbe@airmail.cc Ransomware, a file-locker Trojan. These threats can keep any media, such as documents, from opening on your PC as leverage for extorting money. The decryption services that the criminals offer in return may be fictitious or bugged, and malware experts recommend keeping backups on other devices for the safety of your files. Any anti-malware product that's capable of detecting this family's original version should be equally qualified for removing the Thunder Ransomware.

A Forecast of File-Locking Trojans

The small family of the Everbe@airmail.cc Ransomware is growing at an accelerated rate, relative to the early months around the file-locking Trojan's origin. 2018 is showing many variants that are in active use by different threat actors, including the Evil Locker Ransomware, the Hyena Locker Ransomware, the PainLocker Ransomware, the Embrace Ransomware, and, lastly, the Thunder Ransomware. That last build is of note to malware experts for its basing its payload off of a 2.0 version of the Trojan's cryptography infrastructure, which is secure against decryption solutions particularly.

With the Thunder Ransomware attacks being verifiable in the wild, this Trojan's distribution method is using means not yet available for analysis by malware experts. The traditional infection routes for file-locker Trojans abuse forged e-mail messages and document-based vulnerabilities frequently, as well as RDP features and non-secure passwords for logging in to a server remotely. However it gains access, the Thunder Ransomware's deployment means a potential locking of all personal media on the PC.

Members of the Thunder Ransomware's family don't generate any symptoms, such as fake Windows update pop-ups when they're locking files. This non-consensual and asymptomatic encryption routine can target the user's work according to both its format and its location, such as documents, pictures or anything in the Downloads directory. The Thunder Ransomware also keeps the method by which Everbe@airmail.cc Ransomware flags the files as being locked, by appending a bracketed e-mail and a new extension ('.thunder') to their names.

Calming the Storm that's Approaching Your Files

Some decryption tools available for freely-downloading can reverse the attacks of various file-locker Trojans completely, but the threat actors can implement a secure encryption feature relatively easily. No public decryptor exists for the Thunder Ransomware or most of the other versions of the Everbe@airmail.cc Ransomware family. Instead of presuming that a decryption solution always is possible, users should save any content of import to other devices, such as a removable storage drive.

Word document macros are a reoccurring element in many file-locker Trojans' campaigns, along with RDP misuse, brute-force attacks against unsafe passwords and PDF exploits. Taking care to scan your downloads and refraining from enabling advanced content that could be of use in a threat-downloading attack can mitigate or remove most of these security issues. Victims should prioritize deleting the Thunder Ransomware with the assistance of an anti-malware product or appropriate support from a PC security specialist before restoring their encryption-locked media.

While the cost of ransoming your files from a variant of the Thunder Ransomware's family is difficult to confirm with certainty, malware experts often find ransoms ranging from hundreds to thousands of dollars. No matter how much the victims pay, getting their files back depends on the mercy of criminals who may not honor their word entirely, which is why remembering to back your work up is so important.