.THOR File Extension

Locky Ransomware Encrypted File

Developer N/A
Popularity
2.0  |  1 Vote
 

What is a THOR file?

A file with a .thor extension is a file encrypted by the Locky trojan horse virus, which is malware utilized by cybercriminals. It contains a user's file, such as an .AVI or .XLSX file, encrypted with the RSA-2048 algorithm and AES-128 ciphers. AESIR files became prevalent in 2016 as a Locky Virus variant and are similar to .LOCKY files.

More Information

The Locky virus is ransomware that takes a victim's files hostage. It then forces them to pay the perpetrator (typically through Bitcoin) to recover their files.

How the Locky virus affects files

The Locky virus is a trojan horse that typically enters a victim's computer through a spam email attachment. For example, the cybercriminal may send an email with a .DOCM file attachment with a macro embedded. Torrent websites and malicious advertisements are also common culprits.

Once the virus affects their computer, it scrambles, renames, and encrypts their files. The virus then generates the _WHAT_is.bmp and _WHAT_is.html files on the user's computer desktop and changes the desktop wallpaper. The files include messages informing the victim of the takeover and what they need to do to recover their files (typically by paying a Bitcoin ransom).

Common THOR Filenames

[8 random characters]-[4 random characters]-[4 random characters]-[4 random characters]-[12 random characters].thor - Encrypted files are renamed with a sequence of random characters followed by the .thor file extension. For example, a example.docx file becomes Q56SV89X-25PC-1L0G-3HT8-397SZK25RMI6.thor.

How to open a THOR file

There is no program currently available to restore THOR files to their original state. If you back up your files you can execute a full system restore.

Warning

FileInfo.com recommends you never pay a ransom to decrypt files encrypted by ransomware. Paying a ransom encourages ransomware distributors to continue their efforts, and there is no guarantee you will gain access to your files upon paying the ransom. Instead, you should restore your data from a recent backup created before the ransomware infected your computer.

Open over 400 file formats with File Viewer Plus.Free Download

Programs that open THOR files

Windows
System Restore

Verified by FileInfo.com

The FileInfo.com team has independently researched the Locky Ransomware Encrypted file format and Windows apps listed on this page. Our goal is 100% accuracy and we only publish information about file types that we have verified.

If you would like to suggest any additions or updates to this page, please let us know.

‹ .THMX  |  .THP ›