Tuesday, October 25, 2016

Locky ransomware has been updated again: now uses .thor file extension



Seems like Locky creators have returned from vacation, after several weeks of slow distribution of their earlier version called Odin, they released two more variants this week. First one adds .shit extension and the second one adds .thor extension. Two variants differ in a way that one may work offline without contacting Command and Control servers. Seems like cyber criminals want to launch two variants simultaneously and see which one goes better in terms of rogue ROI.

Like with many previous versions, new .thor file virus usually arrives with malicious email attachments or hyper links within the body of the email message or instant message. Do not click on such links and do not open attachment sent by unfamiliar users. 

If your files got encrypted with .thor version of the virus, try restoring Windows from previous restore point or utilize backups. For more tips read here.

To be protected, make regular backups and keep you security software up-to-date.