Ransomware removal analysts have warned technology users about a new cyber threat. A ransomware which goes by the name of TotalWipeOut, being true to its name, has been found ‘wiping out’ data from its victims.
According to ransomware removal experts, the ransomware comes through virus-filled e-mails. These e-mails will consist of content that would use greed tactics to encourage users to either click a link or download a file. When the user makes the costly mistake, then the ransomware will latch onto the victim’s PC, enter it and stealthily run processes in the background. These processes start with the disabling of the security tools of the OS and then continue further with scanning of the files.
For encryption purposes, the cryptographic algorithm AES (Advanced Encryption Standard) is used. By this point, the Windows Registry and anti-virus tools have been modified and are used by the cybercriminals from their Control and Command Center.
As a result, the encryption cannot be stopped. It will be too late before you can understand the blocking of access to your files. To identify if the ransomware is indeed TotalWipeOut, look for the ‘.TW’ extension of your locked files.
Subsequently, victims will be greeted with a ransom note. Interestingly, the note is written in 9 different languages, including English, Spanish, Hindi and Russian. Ransomware removal analysts believe that this indicates the ransomware’s attempt to simultaneously attack and create panic on an international scale like other notorious ransomware including WannaCry.
The note also contains the ransom amount – 1 Monero (XMR) – a leading privacy-oriented cryptocurrency that has received recognition in dark web and other cybercriminal forums. However, the cybercriminals have not included any contact details which would allow victims to make any future communication.
Due to the ransomware’s newness, you would not find any tools for decrypting your files. Hence, you will require consultation with security experts for ransomware removal and data recovery.