Thx Ransomware is a Dharma Family Member Prone to Encrypting Essential Files
Thx belongs to the Dharma ransomware family and focuses on encrypting data as its primary objective. During the encryption process, Thx incorporates specific identifiers into the original filenames, such as the victim's ID, the email address cluster1@outlook.sa, and the file extension ".thx".
To illustrate, a file originally named "1.jpg" would be transformed into "1.jpg.id-1E857D00.[cluster1@outlook.sa].thx", while "2.png" would change to "2.png.id-1E857D00.[cluster1@outlook.sa].thx," and so forth. Additionally, Thx ransomware exhibits a pop-up window and generates a file named "info.txt," which contains a ransom note.
The ransom note informs victims that their files have been encrypted, and to recover them, they are instructed to contact the provided email addresses (cluster1@outlook.sa or cluster@mailfence.com). The note also states that the decryption of up to three files is offered free of charge, but with some conditions. These files must be smaller than 3Mb in size and should not contain valuable information.
Furthermore, the note provides guidance on how to obtain Bitcoins for the payment. It cautions against renaming encrypted files or attempting decryption using third-party software, as these actions may result in permanent data loss or an increased decryption price.
Thx Ransom Note Offers Decryption of Three Files
The full text of the Thx ransom note reads as follows:
All your files have been encrypted!
Don't worry, you can return all your files!
If you want to restore them, write to the mail: cluster1@outlook.sa YOUR ID 1E857D00
If you have not answered by mail within 12 hours, write to us by another mail:cluster@mailfence.com
Free decryption as guarantee
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 3Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain BitcoinsAlso you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
How Can You Protect Your System From Ransomware Like Thx?
To protect your system from ransomware like Thx, here are some recommended measures:
- Backup Your Data: Regularly backup your important files and data to an offline or cloud-based backup solution. This ensures that even if your files are encrypted by ransomware, you can restore them without paying the ransom.
- Keep Software Updated: Maintain up-to-date software on your system, including the operating system, applications, and security software. Updates often include security patches that address vulnerabilities that ransomware may exploit.
- Use Reliable Security Software: Install reputable antivirus and anti-malware software on your system. Keep it updated and run regular scans to detect and remove any potential threats.
- Exercise Caution with Email Attachments and Links: Be cautious when opening email attachments or clicking on links, especially if they are from unknown or suspicious sources. Verify the sender's identity and scan attachments with security software before opening them.
- Enable Email Filtering and Spam Detection: Configure your email client or server to filter and detect spam or potentially malicious emails. This helps reduce the risk of opening phishing emails containing ransomware.
- Be Wary of Downloads and Websites: Only download files and applications from trusted sources. Be cautious when visiting websites, especially those of questionable reputation or containing suspicious pop-up windows.
