- Slow Computer
- System crashes
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
Thundercrypt Ransomware is a newly discovered piece of malware that was designed to encrypt many of the files on your PC and then offer to sell you a decryption key for them. In short, the developers want to extort money from you by holding your files hostage. Unfortunately, removing this ransomware is the only option you have, and if you do, then you will not be able to pay the ransom. However, you should not consider paying it anyway, because this program’s developers might not send you the decryption key after you pay, as all they care about is getting your money. On top of that, even if you get the decryption key, there is a chance that it will not work for you.
If your computer becomes infected with Thundercrypt Ransomware, be warned that it will start encrypting your files immediately. We have found that this ransomware was configured to encrypt many file formats, including documents, images, videos, audio files, and so on. Basically, this program will encrypt almost all of your files but skip certain locations so as not to damage the operating system, as the developers want your PC to continue running so that you can use it to pay the ransom. Our research has revealed that this program was set to encrypt your files with an RSA-2048 encryption algorithm. Note that this particular algorithm provides one of the most secure encryptions possible, so the chances of decrypting the files using a third-party decryptor are next to none. Still, if a ransomware program has particular vulnerabilities, the decryption key can be extracted and a universal tool developed.
However, this particular program does not store the decryption key locally. This ransomware generates unique encryption and decryption keys, sends the decryption key to its server, and stores it there. According to the ransom note, if you do not pay within the given time, the decryption key will be deleted from the server. While this may be true, you should not allow yourself to be bullied by greedy cyber crooks. Even if you pay, there is no guarantee that your files will be decrypted. This program also appends a .thundercrypt file extension to the encrypted files as an indication that they are encrypted. The criminals want you to pay 0.345 Bitcoins (590.49 USD). Also, the ransom note says that you can send the developers one of the encrypted files and they will send it back to you decrypted as proof that they can actually do it. Note that the file cannot exceed 3 MB.
Now let us discuss how this particular ransomware works. We have found that this program was briefly distributed on a particular Taiwanese website called Eyny.com. Furthermore, the name of the executable of this ransomware is eyny.exe. The site was set to show a fake Flash player update pop-up that downloaded the malicious executable onto your PC. Apparently, the site hosted some sort of exploit kit. However, there is no information on how Thundercrypt Ransomware is currently being distributed. Its developers might use other Taiwanese websites to continue distributing it. Nevertheless, the developers could have gone for an entirely different distribution channel altogether, such as sending fake emails with the ransomware or having it bundled with pirated software featured on torrent websites.
The information we have gathered suggests that Thundercrypt Ransomware is a highly malicious program that can render your personal files useless. Nevertheless, risking paying the ransom is not an option, as it is likely that you will lose your money and still not get your files back. Therefore, we recommend that you act quickly and remove this ransomware. We suggest using SpyHunter’s free scanner to locate the malicious file and then going to its location and deleting it manually.
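To scope the damage before cleanup, the following read-only triage script (an added example, not part of the original article or any vendor tool) walks a folder, lists files carrying the .thundercrypt extension, and reports the location and SHA-256 of any file named eyny.exe. The function names `triage` and `sha256_of` are hypothetical, and the script assumes the extension is appended after the original file name.

```python
import hashlib
import os
from collections import Counter

ENCRYPTED_EXT = ".thundercrypt"  # extension the article says is appended
DROPPER_NAME = "eyny.exe"        # executable name given in the article


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root):
    """Walk root; collect encrypted files and candidate dropper executables."""
    encrypted, droppers, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                encrypted.append(full)
                # Assumption: stripping the appended extension reveals the
                # original type (e.g. report.docx.thundercrypt -> .docx).
                original = name[: -len(ENCRYPTED_EXT)]
                by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
            elif lower == DROPPER_NAME:
                try:
                    droppers.append((full, sha256_of(full)))
                except OSError:
                    droppers.append((full, None))  # locked or unreadable
    return {"encrypted": sorted(encrypted), "by_type": dict(by_type),
            "droppers": droppers}


if __name__ == "__main__":
    import sys
    start = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    report = triage(start)
    print(f"{len(report['encrypted'])} encrypted files under {start}")
    for ext, count in sorted(report["by_type"].items(), key=lambda kv: -kv[1]):
        print(f"  {ext}: {count}")
    for path, digest in report["droppers"]:
        print(f"candidate dropper: {path} sha256={digest}")
```

The script only reads and reports; the per-type counts help decide which backups to restore first, and the hash can be handed to a scanner or analyst before the file is deleted.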