Malware Complaints

Virus and Malware Database


The malicious programs identified as Ransomware versions are by all means the most dangerous and intrusive type of software. They are regarded as especially malicious because of their potential effects on your machine: actual encryption of your files or locking of your monitor can take place. (You can find our removal guide at the bottom of the article.) After locking up the component of your PC it has been set to encrypt, such a virus could proceed to display a ransom notification. The warning inside such a message states that if you refuse to pay the ransom the hackers want, you will permanently lose access to whatever has been blocked. Below we review one specific Ransomware version that can be blamed for file encryption and ransom-related harassment. It is called ThunderCrypt Ransomware. Continue reading to learn more about Ransomware in general and the ThunderCrypt Virus in particular.

Ransomware Details

The programs classified as Ransomware are believed to have first appeared in Russia during the last two decades of the 20th century. At first, there were two types of Ransomware viruses:

  1. File-encoding versions: exactly the subcategory ThunderCrypt belongs to. These viruses infect computers and then check all their disks and drives for the most often modified data. Later on, all such data gets locked up with a specialized key, which is awfully hard to crack. Such malware tends to display a ransom-demanding message as soon as it is done encrypting your valuable files. Inside this message, you can find some extra warnings as well as detailed payment-related information.
  2. Screen-locking malware: these viruses are believed to infiltrate computers in the same way as the ones from the aforementioned group. The only difference between the two categories is that the screen-blocking versions only lock up the victim user's desktop with a huge ransom-demanding pop-up alert. No data falls victim to any encryption; only the monitor is made inaccessible to you. Nevertheless, a ransom is again required, and you will see all the payment information in the notification that blocks your desktop.
  3. Mobile device Ransomware: such products can infect phones and tablets as well. Such a virus works in pretty much exactly the same way as the screen-blocking viruses described above.

How does such a virus travel?

ThunderCrypt, like other Ransomware-based programs, may get distributed in various ways. It may be incorporated into contaminated emails as well as into their attachments. Another, more common source of such malicious software is so-called 'malvertising': some websites include ads that may lead you to malware, and once you follow such an ad, you get the virus automatically. Other typical means of distribution are drive-by downloads from contagious websites, as well as contaminated shareware or torrents.

Is it possible to safely remove ThunderCrypt? Is there a way to recover the victim data?

When it comes to infections caused by Ransomware, it is extremely important to bear in mind that no action on your side can guarantee the total recovery of the encrypted data or the successful removal of ThunderCrypt. Even if you succeed in removing this danger, your data could be lost forever. Even if you decide to actually pay the required ransom, the hackers could simply disappear with it, and your files may remain inaccessible for good. As the prospects are not in your favor when facing such a Ransomware contamination, we recommend that you take the big risk of not paying the ransom and see what you are able to do. You will lose nothing in such a case, as your data is already blocked.

Some of the potential solutions may include contacting someone who has experience getting rid of such viruses. It may turn out to be just the right solution. Perhaps your solution lies in a reliable Removal Guide. Indeed, we have one very helpful example here: simply scroll down and check out our Removal Guide. Whatever you do, always keep in mind that in the battle against Ransomware viruses, your most powerful weapon has always been and will be prevention. If you want to avoid file-encryption, simply back up your data as often as you can, and no one will ever be able to harass you.

Remove ThunderCrypt Guide

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on your PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: The Hosts file

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 


If you see any IP addresses there (below Localhost), send them to us here in the comments, since they might be coming from the virus.

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10, it will send you to the Startup part of the Task Manager instead.

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious, disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp. As for the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: Decryption

The previous steps were all aimed at removing the Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.
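The checks in steps 2 to 6 above, gathered into one read-only PowerShell inventory (an added example, not part of the original guide). It deletes and stops nothing, and only writes CSV files for review. The 7-day window, the output folder name and the use of PowerShell 5.1 on Windows 10 are assumptions.

```powershell
# Read-only triage for steps 2-6: nothing is deleted, stopped or modified.
# Assumptions (not from the article): 7-day window, output folder name.
$since  = (Get-Date).AddDays(-7)
$outDir = Join-Path $env:USERPROFILE "triage-$(Get-Date -Format yyyyMMdd-HHmmss)"
New-Item -ItemType Directory -Path $outDir | Out-Null

# Step 2: running processes with image path, description and file hash.
# An empty Description or Company is the "no description at all" case.
Get-Process | Where-Object { $_.Path } |
    Select-Object Name, Id, Path, Description, Company,
        @{ n = 'SHA256'; e = { (Get-FileHash -LiteralPath $_.Path -Algorithm SHA256 `
                                -ErrorAction SilentlyContinue).Hash } } |
    Export-Csv (Join-Path $outDir 'processes.csv') -NoTypeInformation

# Step 3: every active (uncommented) mapping in the hosts file.
$hostsFile = Join-Path $env:WinDir 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hostsFile |
    Where-Object { $_ -match '^\s*[^#\s]' } |
    ForEach-Object {
        # Drop trailing comments, then split into the IP and its host names.
        $ip, $names = ($_ -replace '#.*$', '').Trim() -split '\s+'
        [pscustomobject]@{ IP = $ip; Names = $names -join ' ' }
    } |
    Export-Csv (Join-Path $outDir 'hosts-entries.csv') -NoTypeInformation

# Steps 4 and 5: autostart entries from the Startup folders and the Run keys.
# The Location column shows the registry key or folder each one comes from.
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Export-Csv (Join-Path $outDir 'startup.csv') -NoTypeInformation

# Step 6: files written inside the window, newest first.
# %WinDir% is listed at top level only, because recursing it is very slow.
$roots  = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:TEMP
$recent = @(Get-ChildItem -LiteralPath $roots -Recurse -File -Force -ErrorAction SilentlyContinue)
$recent += @(Get-ChildItem -LiteralPath $env:WinDir -File -Force -ErrorAction SilentlyContinue)
$recent | Where-Object { $_.LastWriteTime -ge $since } |
    Sort-Object LastWriteTime -Descending |
    Select-Object FullName, Length, CreationTime, LastWriteTime |
    Export-Csv (Join-Path $outDir 'recent-files.csv') -NoTypeInformation

Write-Output "Inventory written to $outDir"
```

Reviewing these files first, or passing them to whoever is helping you, gives you a record of what was on the machine before anything is deleted in steps 2 to 6.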

Thompson Hill
