Tuesday, October 25, 2016
Locky ransomware has been updated again: now uses .thor file extension
It seems the Locky creators have returned from vacation: after several weeks of slow distribution of their earlier version, called Odin, they released two more variants this week. The first one adds the .shit extension and the second one adds the .thor extension. The two variants differ in that one may work offline, without contacting Command and Control servers. It seems the cyber criminals want to launch two variants simultaneously and see which one does better in terms of rogue ROI.
As with many previous versions, the new .thor file virus usually arrives as a malicious email attachment or as a hyperlink within the body of an email message or instant message. Do not click on such links and do not open attachments sent by unfamiliar users.
If your files got encrypted by the .thor version of the virus, try restoring Windows from a previous restore point or use your backups. For more tips read here.
To stay protected, make regular backups and keep your security software up to date.
Wednesday, April 6, 2016
TeslaCrypt Virus
An interesting article about the TeslaCrypt ransomware virus: http://www.engadget.com/2016/04/06/history-and-evolution-of-teslacrypt-ransomware-virus/
Tuesday, April 5, 2016
Locky Ransomware Virus Is on the Rise
The easy availability of the Locky malware attracts a number of distributors. Those propagators are unrelated to each other, and they make use of any possible method of introduction. Naturally, some of them have already been caught spreading the malware. The point is, they are not much closer to the arch villain than anyone else.
The installation details of the ransoming virus vary from case to case, but the prevailing infection vector is known: most infiltration cases are due to opening spam mail attachments.
The introduction is followed by installation of the Locky ransomware, which requires the affected system to reboot. One can prevent the encryption already at that stage. If a sudden reboot is happening, it is worth switching your computer to Safe Mode: the malware is not able to complete its installation.
If it succeeds in its encrypting attempts, the victims are presented with a ransom note. The note is placed in each folder with affected files. Several formats convey the same notification to ensure the users read it.
Removing Locky encryption involves both eliminating the ransomware and recovering the data. Whenever possible, victims should abstain from purchasing the key as prompted by the scammers. Relevant instructions on how to handle and prevent a Locky invasion follow: http://myspybot.com/decrypt-locky-files/