
Tornado Ransomware

Posted: February 14, 2018

The Tornado Ransomware is a Trojan that uses RSA encryption to lock your files and hold them hostage until you pay its Bitcoin ransom. Symptoms of a Tornado Ransomware infection include the appearance of text-based ransom messages, e-mail addresses and extensions added to file names, and an inability to open various types of media. Since free decryption is often impractical, you should have your anti-malware programs disable and delete the Tornado Ransomware whenever possible.

Your Media is Getting Pulled into a Whirlwind

A new threat that may be a variant of well-known families like the Globe Ransomware, the Crysis Ransomware, or the BTCWare Ransomware is starting to appear in live distribution. Its attacks combine a secure, data-encrypting routine with an accompanying ransom demand that monetizes the encryption. The Tornado Ransomware targets media in the Windows 'Documents and Settings' folder especially and may block anything from text files to movies.

The Tornado Ransomware runs on Windows platforms and modifies the system's default boot-up sequence so that it launches automatically once the PC restarts. Its encryption is RSA-based and includes the dynamic generation of an ID for the victim's use, which the Trojan inserts into the internal data of every file that it locks. For most users, however, the symptom that malware experts point out as most visible is the Tornado Ransomware appending a '.Tornado' extension and an e-mail address to the names of the blocked content.
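A triage sketch for the filename symptom described above, added here as an example and not taken from the original article: it walks a directory tree, lists files ending in '.Tornado', and tallies any e-mail address embedded in their names. The bracketed name layout in the sample data, the function names, and the example.com address are constructed assumptions.

```python
import os
import re
import tempfile
from collections import Counter

# From the article: locked files gain a '.Tornado' extension and an e-mail address.
LOCKED_SUFFIX = ".tornado"  # compared case-insensitively (assumption)
# Loose e-mail matcher; the article does not give the exact naming layout.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def scan_tree(root):
    """Return (locked_paths, per_directory_counts, contact_addresses)."""
    locked, per_dir, contacts = [], Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(LOCKED_SUFFIX):
                continue  # a name that merely contains "tornado" is not a hit
            locked.append(os.path.join(dirpath, name))
            per_dir[os.path.relpath(dirpath, root)] += 1
            stem = name[:-len(LOCKED_SUFFIX)]
            for addr in EMAIL_RE.findall(stem):
                contacts[addr.lower()] += 1
    return sorted(locked), per_dir, contacts

def build_sample_tree(root):
    """Create constructed sample files (hypothetical names, empty contents)."""
    names = [
        "Documents/report.docx.[victim-help@example.com].Tornado",
        "Documents/photo.jpg.[victim-help@example.com].TORNADO",
        "Documents/notes.txt",              # untouched file
        "Videos/clip.mp4.Tornado",          # suffix only, no address
        "Videos/tornado_chasers.mp4",       # benign name, must not match
    ]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        locked, per_dir, contacts = scan_tree(tmp)
        print(f"{len(locked)} locked file(s)")
        for directory, count in per_dir.most_common():
            print(f"  {directory}: {count}")
        for addr, count in contacts.most_common():
            print(f"contact address {addr} seen in {count} name(s)")
```

Pointing `scan_tree` at a user profile or a mounted backup gives a per-directory count that helps scope what needs restoring.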

The Tornado Ransomware also creates a Notepad file that states the threat actor's simple demand: victims must contact them to purchase a decryptor for their media. The ransom is payable in Bitcoins, which, victims should note, lack the legal protections available with more traditional currencies. Although the instructions include a casual reference to time pressure, malware experts find no cases of the Tornado Ransomware taking any further action after the initial encryption, unlike, for example, the Jigsaw Ransomware with its hourly, file-deleting routine.

Weathering the Worst in Data Attacks

The Tornado Ransomware's encryption predominantly damages local drives. Cloud storage, local network backups, and peripheral devices all offer alternate methods of preserving your media that the Tornado Ransomware can't breach without the assistance of a third-party program or threat actor. Cybercrooks often insist upon Bitcoin and other cryptocurrencies for payment to keep their victims from demanding refunds, particularly when the decryption solution that they offer is bug-ridden or fake.

Although malware researchers confirm that all facets of the Tornado Ransomware's payload work as necessary for blocking and ransoming the victim's files, not all aspects of this Trojan's campaign are known. The Tornado Ransomware's infection methods remain a matter for future analysis and could include file-sharing networks like torrents, browser-abusing exploit kits, or, especially, e-mail attachments. Have your anti-malware products protect your PC from this threat by keeping them fully updated and active so that they can delete the Tornado Ransomware on sight.

The Tornado Ransomware is less of a new storm than an old one with a unique name attached to it. For anyone dealing with locked files, however, this distinction is of little practical benefit when it comes to avoiding the loss of their savings to ransoms.
