TotalWipeOut Ransomware is a malicious program that encrypts lots of different file types on the infected computer and then shows a message asking to pay 1 XMR/$200. The strange part is the ransom note does not say how to make the payment or explain how the user’s files would be decrypted after making the payment. Therefore, our specialists suspect the malware might be not fully developed yet. Nonetheless, we cannot be sure it is not being distributed as the hackers could try to spread it at least among a small number of uses for testing purposes. If you are one of the unlucky ones who received it, we would advise reading the rest of this text to get to know this infection better. Also, you may want to take a look at the deletion instructions located below the article: they will explain how to remove TotalWipeOut Ransomware manually.
In case the malicious program is being distributed we believe the cybercriminals behind TotalWipeOut Ransomware may spread it via Spam emails or software installers suggested on pop-up ads, various unreliable file-sharing web pages, and so on. It means more careful users could avoid such threats by staying away from attachments received with emails from unknown senders or by avoiding downloading any data offered on untrustworthy web pages. Additionally, we would advise users to acquire a reliable security tool as it could also prevent various malicious applications from entering the system. Of course, you should never forget such software needs to be up to date or else it might be unable to identify newer threats.
Our specialists say TotalWipeOut Ransomware should not need to create any additional data to start the encryption process, which means the malware might work right from the directory where it was launched. Also, it could start encrypting various files right away. It seems the infection is capable of locking a lot of different file types, for example, it can affect files with .doc, .docx, .log, .msg, .odt, .pages, .rtf, .tex, .txt, .wpd, .wps, .csv, .dat, .ged, .key, .keychain, .pps, .ppt, .pptx, .sdf, .tar, . .obj, .bmp, .dds, .gif, .jpg, .png, .psd, .tga, .thm, .tif, .tiff, .yuv, .ai, .eps, .ps, .svg, .indd, .pct, .pdf, .xlr, .xls, .xlsx, and many other extensions. While doing so the malware should add an extra extension called .TW to each encrypted file. For instance, a document named text.docx might turn into text.docx.TW. Next, the malicious application should place a JPG image called Untitled on the victim’s computer. It shows a short message written in many different languages. The English version of it says: “Hello. All of files may have been encrypted. If this is the case - The price of the decryption is 1 XMR/$200.”
Unfortunately, the encrypted files cannot be unlocked without a decryption tool and without any information on how to pay the ransom the threat’s victims cannot even purchase it. Not that we would advise paying the ransom as there is always a change the hackers could scam you. Thus, we recommend restoring the data you can from backup copies stored on cloud storage, removable media devices, social media profiles, etc. Needless to say, it would be safest to restore files only when you remove TotalWipeOut Ransomware. To erase it manually you could use the instructions located below, and if you prefer using automatic features, you should download a reliable security tool you prefer.