Security Alert: Locky Ransomware Is Now THOR

Ransomware gangs are at it again. A new Locky ransomware variant now carries the THOR extension. Here’s what you should know:

  • Like Locky, THOR is distributed via SPAM campaigns.
  • Recent emails masquerade as a request to open a “budget forecast” attachment for a soon-to-be-due project.
  • The bogus email carries an infected attachment usually a zip file. The infected file contains a VBS script that starts the attack by downloading a DLL Installer.
  • Once executed, THOR searches for targeted file types, converts the file names into nonsensical descriptions, encrypts the files and attaches the THOR extension.
  • THOR will attempt (and many times, succeed) to delete the Shadow Volume Copies that are used to restore previous file versions in Windows making quick restores impossible.
  • At this time, there is no known decryption tool for the THOR ransomware variant.

The only way to recover from a Locky/THOR ransomware attack (if your Shadow Copies have been deleted) is through your backup system. Keep in mind that data backup systems do not ensure a quick recovery. So, if all you have is a data backup system, you could be in for a long, painful recovery.

The ultimate protection against data loss is a Hybrid-cloud backup solution that provides for:

  1. Instant onsite failover for super-fast, local restores.
  2. Cloud failover to two (2) geographically separated locations for maximum protection and redundancy.
  3. Image capture for fast restores.
  4. Bare Metal Restore capability.
  5. Full management from installation to monitoring to maintenance and finally, restoration.

Don’t become a statistic—plan to stay in business! Call us to upgrade your data backup system to a Hybrid-cloud backup solution now.

XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions whose systems protect 180+ Petabytes of data with over 700 employees around the globe. Call (845) 362-9675 and let us introduce you to the ultimate defense against data loss—whatever the cause.