Tornado Ransomware

Tornado Ransomware is a new threat that can sneak onto your system without your noticing it and encrypt most of your files in a short time. This malicious attack has one goal only by rendering your files useless: The attackers want your money in exchange for the decryption key. However, you may have to pay hundreds or even thousands of dollars for the unique decryption key that you may not even get in the end. Our experience and research show that it is quite unlikely that you can recover your files this way without losing your money, too. In fact, we have information that a free decryption tool has already emerged on the web, which may be able to help you restore your encrypted files. However, if you are not an experienced user, we would not advise you to download it and use it on your own because it is always a risky thing. You can always ask a tech savvy friend or an IT professional to help you out. We recommend that you remove Tornado Ransomware from your computer as soon as possible.

If this dangerous threat managed to infiltrate your system, it is most likely because you let it on board. While this may come as a shocker, you need to learn how this is possible so that you can avoid similar nightmares in the future. This ransomware program is known to be distributed as a malicious attachment in spam mails. This spam could appear to be totally authentic to you and even convincing that it regards an urgent matter. Urgent enough that you would want to open it even if it lands in your spam folder. As you may already know, sometimes even important mails can end up in your spam folder thanks to the strict policies of spam filters. This is why users normally check out this folder to manually scan it through to see whether legitimate mails have landed there. You need to be extra careful with mails that have attachments. This spam could seemingly have an image or a document file attached to it, which is indeed the malicious executable. This also means that trying to view this files is tantamount to executing this malicious attack on your computer. In other words, you will not be able to delete Tornado Ransomware without the encryption of your files.

The same can happen if your browsers and drivers are not up-to-date, and you accidentally land on a malicious page using Exploit Kits. We cannot confirm that this particular ransomware program is distributed this way but a lot of similar threats definitely use this method. It is enough for you to click on a corrupt third-party banner or pop-up ad on a suspicious website, and you could be taken to a malicious page in a moment. The worst about this attack is that once this page loads, it drops the payload right away automatically. So by the time you may realize that you are viewing a malicious page and try to close your browser, you will be infected already.

Our research shows that this ransomware uses the RSA algorithm to encrypt most of your files on your hard disk. This means the loss of all your photos, videos, audios, databases, and archives as well. We have found that this malware infection does not encrypt files in major system directories, including Windows, Program Files, and Program Files (x86) folders and their subfolders. The encrypted files get a new ".[dongeswas@tutanota.com].Tornado" extension. This dangerous threat also deletes the shadow volume copies of encrypted files, which makes it impossible to recover them using built-in system functions.

The ransom note is called "key.txt" and it is created in every affected folder. This note tells you to send an e-mail to "dongeswas@tutanota.com" as soon as possible because the price seems to depend on how fast you are to contact these cyber crooks. This message also say that if you do not get a reply within 48 hours, you need to send an e-mail to "dongeswas@cock.li", too. We cannot confirm the amount of the ransom fee yet, but it can be anything starting from 100 dollars up to 5,000 dollars paid in Bitcoins. The good news is that it may be possible to actually decrypt your files using a free tool that should be available on the net. This means that you do not even need to think about paying the ransom, not that we would encourage you to do so anyway. We advise you to remove Tornado Ransomware right away.

In order to eliminate this malicious threat, you need to be able to identify the malicious executable you may have downloaded recently from a spam e-mail. We have prepared the necessary instructions for you below if you were to do this manually. However, if you prefer automated tools, we suggest that you install a reliable anti-malware program like SpyHunter to defend your PC against all existing infections.

How to remove Tornado Ransomware from Windows

1. Press Win+E to display the File Explorer.
2. Locate and delete the recently downloaded malicious file.
3. Delete all the ransom note files ("key.txt") from the affected folders.
4. Empty your Recycle Bin.
5. Restart your computer.