Remove TowerWeb Ransomware and Restore Encrypted Files - How to, Technology and PC Security Forum | SensorsTechForum.com

Remove TowerWeb Ransomware and Restore Encrypted Files

TowerWeb is a modern ransomware variant that encrypts the files on infected computers and demands approximately 100 US dollars for their decryption. The virus uses a very strong cipher, which denies access to the files after encryption. It also replaces the wallpaper of infected computers with an image containing ransom instructions. Victims of TowerWeb ransomware are advised not to pay any ransom to the cyber-criminals and to remove it immediately, since it threatens to break Windows after 72 hours without payment. If you want to try to restore the encrypted files, we strongly advise you to read this article and learn how to do it instead of paying the ransom.

Threat Summary

Name: TowerWeb
Type: Ransomware
Short Description: Encrypts files using a strong file encryption algorithm. Asks for $100 for file decryption.
Symptoms: Files are encrypted and become inaccessible. The background is changed to a ransom note.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

Ransomware – How It Infects Its Victims

The TowerWeb Ransomware uses several strategies to make a successful infection. For starters, it may use spam bots to spread two types of threats:

  • Malicious web links.
  • Malicious executable files.

These spam bots may send out spam e-mail messages and post spam comments, chat messages, and other types of messages. Such web links may redirect to malicious URLs, which can infect the user through a drive-by download or other means (Exploit Kits, JavaScript). Malicious files can be distributed as e-mail attachments and may resemble Microsoft Office documents or Adobe Reader files. Some malicious files may even pretend to be installers of various software, cracks for widely played games, or key generators for software.

TowerWeb Ransomware Viewed In Detail

As soon as it has been dropped, TowerWeb may place one or more files of the following file types on the system:

.exe, .vbs, .bat, .tmp, .dll, .cmd

These types of files may be its malicious modules, each one of which has specific functions. These files are usually dropped in key Windows locations, such as the following:

  • %AppData%
  • %Temp%
  • %Roaming%
  • %My Documents%
  • %Desktop%

After being dropped, the program may modify the following registry keys to run on Windows Startup:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
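
To check those startup keys and drop locations on a suspect machine, the following read-only PowerShell audit is an added example and not part of the original article. The mapping of the article's location names to real folders is an assumption, and the output is a list of entries to review, not a verdict.

```powershell
# Added example (not from the article): read-only audit of the four autorun keys
# listed above. Flags values that launch one of the listed file types from a
# user-writable folder. Legitimate software also auto-starts from AppData.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$extensions = '.exe', '.vbs', '.bat', '.tmp', '.dll', '.cmd'   # types from the article

# Assumption: the real folders behind the article's location names.
$watched = @(
    $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP,
    [Environment]::GetFolderPath('MyDocuments'),
    [Environment]::GetFolderPath('Desktop')
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' } | Sort-Object -Unique

# A drive-letter path ending in a listed extension, followed by a quote,
# whitespace, comma (rundll32-style "file.dll,Entry") or end of string.
$extAlt  = ($extensions | ForEach-Object { [regex]::Escape($_) }) -join '|'
$pattern = '[a-z]:\\[^"*?<>|]+?(?:' + $extAlt + ')(?=["\s,]|$)'

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        # REG_SZ values may still hold %VAR% references, so expand them too.
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$regKey.GetValue($name))
        foreach ($m in [regex]::Matches($cmd, $pattern, 'IgnoreCase')) {
            $path = $m.Value
            $dir  = $watched | Where-Object {
                $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
            } | Select-Object -First 1
            if (-not $dir) { continue }
            $exists = Test-Path -LiteralPath $path -PathType Leaf
            [pscustomobject]@{
                Key       = $key
                ValueName = $name
                Target    = $path
                Exists    = $exists
                Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'n/a' }
            }
        }
    }
}
$findings | Format-Table -AutoSize -Wrap
```

An entry whose target is unsigned, or no longer exists on disk, deserves a closer look before any registry value is changed.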

When the malicious files of TowerWeb ransomware have been executed, the virus begins to encrypt a variety of widely used file types.

After it encrypts the files, the ransomware changes the background image of the affected computer to an Anonymous-themed picture. It contains the following ransom instructions:

…………WRITE THIS INFORMATION DOWN…………
Ransom Id: {ID}
BTC Address: {ADDRESS}
Email: [email protected]
IF YOU LOOSE THIS INFO, YOU WILL NOT BE ABLE TO CONTACT
…………WRITE THIS INFORMATION DOWN…………
YOU WILL NEED TO USE ANOTHER
DEVICE TO EMAIL US. YOUR
COMPUTER WILL NOT FUNCTION PROPERLY
UNTIL YOU PAY.
Your computer files have been encrypted moved to a hidden ENCRYPTED partition on your computer.
You must pay $100 USD within 24 hours or $150 after 24 hours in Bitcoin to get them back.
After 72 hours all files will be deleted including your operating system.
If you do not have Bitcoin visit www.LocalBitcoins.com to purchase them.
Email us if you need assistance or have paid.
Email: [email protected]
In the mean time, you will notice your computer will not respond to your commands.
Don’t worry… everything will be back to normal when you pay.
Once you pay all your files and programs will be decrypted, and your computer restored quickly.
Without the decryption password, you will not get them back, and your computer will not function properly.
Once payment is received you will get the decryption password and simple instructions to restore all
your files and computer to normal instantly. It takes about five minutes to restore everything to normal.
Once again… after 72 hours all files will be deleted including your operating system.
Email us if you need assistance or have paid.
Email: [email protected]
The same information is on your desktop.
DO NOT LOOSE THE CONTACT INFO
HINT: IF YOU CANT CLICK ON ANYTHING YOUR
MOUSE BUTTONS HAVE ALREADY BEEN REVERSED.
MORE CHANGES WILL COME UNTIL YOU PAY.

The wallpaper it sets looks similar to that of another ransomware, called Strictor.

TowerWeb Ransomware – Conclusion, Removal, and File Restoration

The bottom line is that this ransomware does not fool around, threatening to crash the operating system of the infected PC. This is why we recommend taking immediate action to stop it and trying to restore the files using the instructions below.

To remove TowerWeb ransomware, we strongly advise you to follow the removal manual below. For maximum effectiveness when removing TowerWeb ransomware, you may require an advanced anti-malware program.

Manually delete TowerWeb from your computer

Note! Important notice about the TowerWeb threat: Manual removal of TowerWeb requires interference with system files and registries, so it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove TowerWeb files and objects
2. Find malicious files created by TowerWeb on your PC
3. Fix registry entries created by TowerWeb on your PC

Automatically remove TowerWeb by downloading an advanced anti-malware program

1. Remove TowerWeb with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by TowerWeb in the future
3. Restore files encrypted by TowerWeb
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
