Security researchers have released a free decryptor to help ThunderX ransomware victims recover their data at no cost. Ransomware is, by and large, a major cybersecurity issue for both consumers and businesses.
ThunderX ransomware decryptor
Although well-established ransomware families such as NetWalker, Maze, and Clop continue to cause trouble, there’s no way to block new ransomware families from emerging out of nowhere. Cybersecurity firm Tesorion has provided us with insights into ThunderX, a newly discovered ransomware family.
What is ThunderX malware all about, you may ask? ThunderX is file-encrypting ransomware, and it doesn’t differ much from other similar ransomware families. Once the actual encryption begins, the ransom note is generated, and eventually, it starts to encrypt files.
ThunderX is capable of overwriting specific files with zeroes, meaning it can deliberately destroy some data, and that destruction is irreversible.
“The embedded configuration in the resources contains the target filenames for this destructive overwriting,” Tesorion said.
“A number of strings have been hex-encoded in the binary, to make them less obvious,” it added.
Similar to other ransomware families, ThunderX uses a combination of asymmetric and symmetric cryptography. Although it uses the more secure 256-bit variant of the Salsa20 cipher, a bug causes it to operate in the 128-bit key mode.
Researchers discovered that encrypted files get the extension ‘.tx_locked’. Unlike other ransomware, ThunderX values aren’t stored in the encrypted file footers. This makes it impossible for the researchers’ decryptor to detect file corruption during decryption.
ThunderX adopts a multi-threading approach. For instance, it creates a separate thread for each drive and network share to discover the files to encrypt.
Download free ThunderX ransomware decryptor
Researchers conclude that it is possible to decrypt all affected files without paying the ransom. However, it can only recover non-corrupted files. What’s more, researchers have also come up with a free decryptor to help victims at no charge.
Researchers will soon make this decryptor available through the NoMoreRansom initiative. Until then, it will be distributed for free, courtesy of Tesorion’s CERT team.
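Because the decryptor cannot detect corruption and zero-overwritten files are not recoverable, recovered data is worth checking afterwards. The sketch below is an added example (not Tesorion's code or part of the original article) that flags files still carrying `.tx_locked`, files consisting only of zero bytes, and files whose header does not match their extension; the signature table, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Leading "magic" bytes for a few common formats (illustrative selection).
ZIP, JPEG = b"PK\x03\x04", b"\xff\xd8\xff"
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": JPEG,
         ".jpeg": JPEG, ".zip": ZIP, ".docx": ZIP, ".xlsx": ZIP}

def is_all_zero(path, chunk=1 << 20):
    """True if the file is non-empty and contains only 0x00 bytes."""
    with open(path, "rb") as fh:
        return os.path.getsize(path) > 0 and all(
            b.count(0) == len(b) for b in iter(lambda: fh.read(chunk), b""))

def classify(path):
    """Return still_encrypted, zeroed, bad_header, ok or unknown for one file."""
    if path.lower().endswith(".tx_locked"):
        return "still_encrypted"      # decryptor has not processed this file
    if is_all_zero(path):
        return "zeroed"               # destroyed content, restore from backup
    sig = MAGIC.get(os.path.splitext(path)[1].lower())
    if sig is None:
        return "unknown"              # no signature on record for this type
    with open(path, "rb") as fh:
        return "ok" if fh.read(len(sig)) == sig else "bad_header"

def triage(root):
    """Walk root and map each relative file path to its classification."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            report[os.path.relpath(full, root)] = classify(full)
    return report

def demo():
    """Triage constructed sample files written to a temporary directory."""
    samples = {"report.pdf": b"%PDF-1.7\nconstructed sample",
               "photo.png": b"\x13\x37 constructed garbage, not a PNG",
               "db.bak": b"\x00" * 4096,
               "notes.docx.tx_locked": b"\xaa" * 64}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return triage(tmp)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:16} {path}")
```

A matching header only shows the first bytes are plausible; files reported as `ok` should still be opened or compared against backups before being trusted.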