Russel 0 Posted May 5, 2017 Report Share Posted May 5, 2017 Has anyone been hit with ransomware calling itself ThunderCrypt ? It encrypted my graphics, .ppt, .doc, .xls, .xlsx, .html, .c, .h files and some others I am sure. It claims to use hybrid RSA-2048 encryption. It looks like it was using powershell. I ended that process and the ransom window went away along with the weird internet traffic that netstat was showing. I have attached a couple of files, one is the original and the other is the encrypted one. I have also attached an email correspondence I had with these criminals. Pure_Blend_Labels2.ppt Pure_BlendLabels2-Clean.ppt email_from_thundercrypt.txt Quote Link to post Share on other sites
Sarah W 26 Posted May 9, 2017 Report Share Posted May 9, 2017 Hi Russel, This ransomware looks new. Do you have any ransom note, or the malware file? Regards, Sarah Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.