'Tors@tuta.io' Ransomware

Posted: July 17, 2020

'Tors@tuta.io' Ransomware Description

The 'Tors@tuta.io' Ransomware is a file-locking Trojan and a member of the Globe Imposter Ransomware family, which mimics the Globe Ransomware. An infection can lock media content, including documents, music and pictures, so that it no longer opens, and hold it for ransom. Users should back their files up safely and let trusted anti-malware solutions delete the 'Tors@tuta.io' Ransomware for their computers' safety.

The Imposter Comes Back for Another Swing at Someone's Files

Arriving as a fake database management service, the 'Tors@tuta.io' Ransomware is evidence that the Globe Imposter Ransomware remains a credible Ransomware-as-a-Service throughout the current year. This threat fails most of its attempts at evading detection by cyber-security products, which shows the family's relative stagnation next to the competition. Although this caveat is good news for any victims, allowing 'Tors@tuta.io' Ransomware infections to happen in the first place still spells trouble, and data loss.

The 'Tors@tuta.io' Ransomware targets Windows PCs and avoids suspicion by using the name 'sql_service', a ubiquitous service name for server databases. The Trojan's behavior is similar to that of other relatives inside the family, such as the Erenahen Ransomware, the Horriblemorning Ransomware, the 'ponce.lorena@aol.com' Ransomware and the Taargo Ransomware. After compromising the Windows environment, it launches the following attacks:

  • The 'Tors@tuta.io' Ransomware locks media on the user's computer with AES-256, one of the favorites in non-consensual encryption routines. Files that may suffer from the attack include everything from text and documents to pictures, audio or even archives.
  • The 'Tors@tuta.io' Ransomware marks the files it has locked by adding its e-mail address, in brackets, to their names. Typically, most file-locker Trojans also include another extension, although malware experts can't verify it for this variant currently.
  • The 'Tors@tuta.io' Ransomware also creates a pop-up that imitates the ransom message of the Globe Ransomware family. As usual, the Trojan refers the victim to a free e-mail service for ensuing negotiations over the unlocker or decryptor. Victims should avoid paying due to the various dangers of this transaction, including the files not unlocking as promised.
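
An added triage example (not part of the original article): the script walks a directory tree and reports files whose names carry a bracketed e-mail marker, the rename indicator described above. It generalizes to any bracketed address, since relatives in the family are named after other addresses; the sample tree, its file names and `someone@example.com` are constructed for the demonstration.

```python
import os
import re
import tempfile
from collections import Counter

# A bracketed e-mail address anywhere in a file name, e.g. "a.docx.[Tors@tuta.io]".
# Exact placement and any extra extension are unverified for this variant, so the
# pattern matches the marker wherever it appears in the name.
MARKER = re.compile(r"\[([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\]")

def scan_tree(root, known_addresses=("tors@tuta.io",)):
    """Walk root and return (hits, per_dir, per_address).

    hits:        (path, address, is_known) for every marked file
    per_dir:     marked files per directory, to gauge how far the damage spread
    per_address: lower-cased marker addresses and how often each was seen
    """
    known = {a.lower() for a in known_addresses}
    hits, per_dir, per_address = [], Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = MARKER.search(name)
            if not m:
                continue  # plain brackets such as "array[0].png" are ignored
            addr = m.group(1).lower()
            hits.append((os.path.join(dirpath, name), addr, addr in known))
            per_dir[dirpath] += 1
            per_address[addr] += 1
    return hits, per_dir, per_address

def build_sample_tree(root):
    """Constructed sample data: empty files with made-up names."""
    names = {
        "docs": ["budget.xlsx.[Tors@tuta.io]", "notes.txt", "plan.docx.[tors@tuta.io]"],
        "pics": ["cat.jpg.[Tors@tuta.io]", "array[0].png"],
        "mail": ["export.[someone@example.com].pst"],  # unknown marker: review by hand
    }
    for sub, files in names.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for f in files:
            open(os.path.join(root, sub, f), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits, per_dir, per_address = scan_tree(tmp)
        for path, addr, is_known in sorted(hits):
            print("KNOWN" if is_known else "OTHER", addr, path)
        print(dict(per_address))
```

Files reported as OTHER carry a bracketed address that is not on the known list and need manual review before being treated as encrypted.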

Since the threat actor's motive is to make money off selling users' files back to them, any victim can defend themselves merely by having a reasonably-protected backup on a device that this Trojan can't encrypt (or delete, in some cases).

Taking Out Trojans Instead of Meeting Their Demands

The SQL service disguise makes the 'Tors@tuta.io' Ransomware particularly suited to victimizing unprotected servers, such as those using software with public vulnerabilities or passwords breachable through brute-force attacks. Typically, file-locking Trojans will acquire victims opportunistically. This trend opens the possibility of the 'Tors@tuta.io' Ransomware harming random users through e-mail spam, torrents, or Exploit Kits peddling fake software updates through Web advertisements. Windows users are most at risk from attacks by the 'Tors@tuta.io' Ransomware and other Trojans of this category.

Disabling some features, particularly macros, Flash, JavaScript and Java, can reduce exposure to vulnerabilities. Additionally, installing security patches will remove many exploit possibilities from the hands of attackers. Malware analysts also encourage using secure passwords in all circumstances and avoiding illegal downloads like pirated movies or premium software cracks.

Users can test freeware decryption solutions for the Globe Imposter Ransomware family. However, most victims will need backups for a full recovery and anti-malware products for uninstalling the 'Tors@tuta.io' Ransomware from any infected PCs.

The 'Tors@tuta.io' Ransomware's family struggles with keeping up with the sheer numbers of alternatives like the STOP Ransomware. This failing variation in the group is, regrettably, nowhere close to being a cheap way out for any users who find themselves infected, against the odds.
