Thundercrypt Ransomware is a highly malicious computer infection that can end up on your PC after visiting a particular malicious website or possibly opening a fake email. This program is designed to encrypt your personal files and then demand that you pay a ransom to get them back. Hence, the developers have created this malware to extract your money. However, you should remove this program instead of complying with their demands because you might not only lose your files, but your money as well because you cannot trust cyber criminals to keep their end of the bargain. For more information, please continue reading.
While there is little to no information on how this ransomware is distributed, we have found that its primary distribution channel was a Taiwanese website at Eyny.com. Apparently, this website features a fake pop-up message that recommends you to update your Flash player. If you agree and start the “update” process, then your computer will become infected with this ransomware. We also do not rule out the possibility of Thundercrypt Ransomware being distributed via malicious emails that feature the ransomware in a file attachment that is disguised as an invoice, receipt or something of similar nature. The file inside the archive might have a double extension and pose as a PDF or DOC, DOCX file. However, the last extension might be EXE. If you open the archive and run the executable, then Thundercrypt Ransomware can end up on your PC.
If it were to infect your PC, then it would start encrypting your files immediately. Our analysis has revealed that this program uses a hybrid RSA-2048 algorithm to encrypt your files. Apparently, it seems that this ransomware generates a public encryption key and a private decryption key. The decryption key is not stored locally but is sent to a remote server and stored. The encryption and decryption keys must match to decrypt your files. The RSA-2048 algorithm is a tough encryption algorithm, so decrypting it with third-party decryption tools is next to impossible. This program should encrypt most of the most commonly used file formats that can include formats for containing pictures and images, videos, documents, audio files, and so on. This program is set to encrypt your files with a .thundercrypt file extension. However, the extension can vary, but it is not a significant factor.
Once the encryption is complete, this ransomware will demand that you pay 0.345 BTC (590.49 USD.) Evidently, it requires you to pay a significant sum of money that you may be compelled to pay because this ransomware’s developers use scare tactics. This program features a deadline timer, and when the time runs out, the decryption key is said to be deleted and you will not be able to get your files back. Nevertheless, you should not consider paying the ransom in the first place because the cyber criminals might not give you the key even after you pay. You can determine whether your computer has been infected with Thundercrypt Ransomware by going to the Task Manager and looking for an executable named eyny.exe. This executable consumes a large amount of the CPUs power, and you have to remove it from your PC as soon as the opportunity arises.
In closing, Thundercrypt Ransomware is one dangerous computer infection that can turn your personal files into unreadable digital waste. The advanced encryption algorithm renders the files useless, and the only way you can get them back is risking paying the ransom. However, again, you should not trust criminals to keep their word. We recommend that you remove Thundercrypt Ransomware and we suggest using SpyHunter to locate the hidden malware and delete its files manually.