
Tomas Ransomware

Posted: September 10, 2020

The Tomas Ransomware is a file-locker Trojan that blocks digital media files for ransom. The Tomas Ransomware shares most of its symptoms with other threats of this type, although it also delivers ransom notes with unique addresses and appends a custom extension onto the files. A majority of anti-malware programs will detect and remove the Tomas Ransomware from Windows environments immediately, before any files are lost.

The Tomas Ransomware: Trojan Children or Simple Plagiarism

Since the business operations of file-locker Trojans tend to benefit from similar features, such as changes to files' names, cryptocurrency ransoms, and the all-important encryption of data, identifying one isn't always clear-cut. One file-locking Trojan catching malware analysts' notice recently bears a suspicious resemblance to an old one, but this similarity could be no more than cosmetic. The Tomas Ransomware might be a minor update to the old Mailto Ransomware or nothing more than a plagiarist.

Features easily verifiable in the Tomas Ransomware's payload include encrypting media files like documents, changing their names by adding a 'tomas' string (and an e-mail address and ID), and creating a TXT ransom note. However, excepting the extension, all of these features are widespread among Trojans of many lineages, including Hidden Tear, the Dharma Ransomware, the Scarab Ransomware, the Snatch Ransomware and the STOP Ransomware.

The Tomas Ransomware's connection to the Mailto Ransomware shows in the text of its ransom note, which sells an unlocking service at a questionable price for the encrypted media. Other than the change to e-mail addresses, the contents are identical to the Mailto Ransomware's message. The Tomas Ransomware also adds a Telegram option for contact, which is somewhat more popular with European Trojan campaigns.

The Best Ending for Any Trojan Mystery

Some file-locker Trojans can have their effects on files reversed by free decryption tools. Sadly, this solution is a minority case. Malware experts recommend not expecting it from new threats like the Tomas Ransomware or the Mailto Ransomware's relatives like the Netwalker Ransomware. Even paying the ransom isn't a perfectly dependable option; criminals may take their payment and remove themselves from the situation without giving up any decryption services.

Ultimately, all Windows users should protect any files worth money by backing them up to adequately secure devices. Protected cloud servers and removable drives are incredibly efficient at countering the attempted extortion of file-locker Trojans like the Tomas Ransomware. Protective steps should focus on notable infection sources, including e-mail attachments, scripts running in the browser and passwords for admin-privileged accounts.

Whatever its ancestors are or aren't, reliable and updated anti-malware tools should detect and remove the Tomas Ransomware as a threat from modern Windows computers.

There are open-ended questions worth wondering about in the Tomas Ransomware campaign, but not ones that change how any victims should behave. Taking a little time to protect one's files will pay off later, whether against one of the larger Trojan families or a small-time bandit like the Tomas Ransomware.
