
Madeline Dickson


Published on: 29 Oct 2016 by dickson

Beware: Ransomware Viruses in Fake Promo Emails from Famous Fashion Stores

My friend informed me about a new scam. She received several professionally designed emails that look like they come from big, famous online fashion stores. Those emails contain Halloween and Black Friday discount coupons. To get your discount, they ask you to fill out a short survey attached to the email. The attachment looks like a Word document. Once you click on the attachment, it infects your computer with ransomware called Thor File Virus, which encrypts all your files and demands a ransom payment to decrypt them.

File-encrypting viruses make the proprietary data of infected users and organizations slip out of their control. That's precisely the effect that the ransomware dubbed Thor produces. It employs the RSA cryptographic algorithm with 1024-bit keys to deny access to personal files on a workstation. The .thor extension, which gets appended to the original filenames, adds the finishing touch to the information skewing effect.

The .thor epidemic proliferates through a well-orchestrated phishing campaign. The threat actors disseminate their infection through spam, where the ransomware downloader takes the form of a JavaScript email attachment. This JS file, in turn, is typically camouflaged as something legitimate and eye-catching, for instance an invoice, a paycheck or a job offer. As soon as a user opens it, the script downloads the components needed for the rest of the compromise.
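One way a mail gateway or triage script could act on the delivery method described above, as an added example that is not part of the original post. It goes beyond the page by also looking inside zip attachments; the extension list other than .js, the function names and the sample addresses are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# .js is the type the article names; the other extensions are assumed
# additions that Windows also runs on double-click.
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta")

def classify_name(name):
    """Return a reason string for a script file name, else None."""
    clean = name.strip().rstrip(". ").lower()  # Windows ignores trailing dots/spaces
    if not clean.endswith(SCRIPT_EXTS):
        return None
    stem = clean.rsplit(".", 1)[0]
    return "script with decoy extension" if "." in stem else "script attachment"

def risky_attachments(raw):
    """Return (file name, reason) for every attachment worth quarantining."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reason = classify_name(name)
        if reason:
            findings.append((name, reason))
        elif name.lower().endswith(".zip"):
            try:
                data = part.get_payload(decode=True)
                members = zipfile.ZipFile(io.BytesIO(data)).namelist()
            except zipfile.BadZipFile:
                findings.append((name, "unreadable archive"))
                continue
            findings += [(f"{name}/{m}", "script inside archive")
                         for m in members if classify_name(m)]
    return findings

def build_sample(files):
    """Constructed test message: a fake promo mail carrying the given files."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "promo@shop.example", "user@corp.example"
    msg["Subject"] = "Your Black Friday coupon"
    msg.set_content("Fill out the attached survey to get your discount.")
    for name, data in files.items():
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(risky_attachments(build_sample({"invoice.pdf.js": b"// inert"})))
```
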

The name of the executable is usually a seven-digit string, such as servey.doc. It is dropped into the Temp path on the target system. When this process starts running, it first determines which files to encrypt. Unfortunately, local data is not the only target of the encryption. The Trojan also traverses removable media and network shares to cover a maximum volume of the victim's important information.

Thor fetches unique crypto keys from its Command and Control server and encrypts the detected personal files. The private RSA key is kept outside the computer, so recovery is a hard task, to put it mildly. A document called Readme.txt that the ransomware displays to victims provides the decryption demands. In particular, the user must send a ransom of 0.5 BTC to the attacker, and afterward they should be able to download the decryptor.

It's up to every infected person whether or not to pay this ransom. Before doing so, though, it won't hurt to try experts' restoration advice based on Shadow Volume Copies of the files and a few other forensic techniques. Last but not least, if there is a secure data backup, you should be good to go.

More info about Thor ransomware together with removal tips can be found here: http://myspybot.com/thor-virus-files/
