Remove TowerWeb Ransomware and Restore Encrypted Files - How to, Technology and PC Security Forum | SensorsTechForum.com

Remove TowerWeb Ransomware and Restore Encrypted Files

TowerWeb is a modern ransomware variant that encrypts the files on infected computers and asks for approximately 100 US dollars to decrypt them. The virus uses a very strong cipher, which denies access to the files after encryption. It also changes the wallpaper of infected computers to an image containing ransom instructions. Victims of TowerWeb ransomware are advised not to pay any ransom to the cyber-criminals and to remove it immediately, since it threatens to break Windows after 72 hours without payment. If you want to try to restore the encrypted files, we strongly advise you to read this article and learn how to do it instead of paying the ransom.

Threat Summary

Name: TowerWeb
Type: Ransomware
Short Description: Encrypts files using a strong file encryption algorithm. Asks the sum of $100 for file decryption.
Symptoms: Files are encrypted and become inaccessible. The background is changed to a ransom note.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.
Detection Tool: See If Your System Has Been Affected by TowerWeb (Download Malware Removal Tool)
User Experience: Join our forum to Discuss Locky Ransomware.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

Ransomware – How It Infects Its Victims

TowerWeb ransomware uses several strategies to infect a system. For starters, it may use spam bots to spread two types of threats:

  • Malicious web links.
  • Malicious executable files.

These spam bots may send out spam e-mail messages and post spam comments, chat messages, and other types of messages. The web links may redirect to malicious URLs which can infect the user through a drive-by download or other means (Exploit Kits, JavaScript). Malicious files can be distributed as e-mail attachments and may resemble Microsoft Office documents or Adobe Reader files. Some malicious files may even pretend to be installers of various software, cracks for widely played games, or key generators for software.

TowerWeb Ransomware Viewed In Detail

As soon as it has been dropped, TowerWeb may create one or more files of the following file types:

.exe, .vbs, .bat, .tmp, .dll, .cmd

These types of files may be its malicious modules, each one of which has specific functions. These files are usually dropped in key Windows locations, such as the following:

  • %AppData%
  • %Temp%
  • %Roaming%
  • %My Documents%
  • %Desktop%

After being dropped, the program may modify the following registry keys to run on Windows Startup:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
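
A read-only way to check the four Run/RunOnce keys above for entries that launch one of the listed file types from one of the listed drop locations. This PowerShell script is an added example, not part of the original article or of any removal tool; the function name Test-SuspiciousAutorun and the mapping of the article's folder names to $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP and the MyDocuments/Desktop special folders are assumptions.

```powershell
# Added example: audit the Run/RunOnce keys named in the article. Nothing is modified.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# File types listed in the article
$Extensions = '.exe', '.vbs', '.bat', '.tmp', '.dll', '.cmd'

# Drop locations from the article, resolved for the current user (mapping is an assumption)
$DropDirs = @(
    $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP,
    [Environment]::GetFolderPath('MyDocuments'),
    [Environment]::GetFolderPath('Desktop')
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') } | Select-Object -Unique

function Test-SuspiciousAutorun {
    # True when the command line references a drop location AND a listed file type
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command)
    $inDropDir = $DropDirs | Where-Object {
        $cmd.IndexOf("$_\", [StringComparison]::OrdinalIgnoreCase) -ge 0
    }
    # Extension must end a token: followed by a quote, whitespace, comma or end of string
    $hasExt = $Extensions | Where-Object {
        $cmd -match ([regex]::Escape($_) + '(?=["\s,]|$)')
    }
    return [bool]($inDropDir -and $hasExt)
}

$results = foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Command    = $value
            Suspicious = Test-SuspiciousAutorun $value
        }
    }
}

# Show only the entries worth a manual look
$results | Where-Object Suspicious | Format-List
```

Legitimate software also starts from %AppData%, so treat each hit as a lead to review, not as confirmation of TowerWeb.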

When the malicious files of TowerWeb ransomware have been executed, the virus begins to encrypt a variety of widely used file types.

After it encrypts the files, the ransomware changes the background image of the affected computer to an Anonymous-themed picture. It contains the following ransom instructions:

…………WRITE THIS INFORMATION DOWN…………
Ransom Id: {ID}
BTC Address: {ADDRESS}
Email: [email protected]
IF YOU LOOSE THIS INFO, YOU WILL NOT BE ABLE TO CONTACT
…………WRITE THIS INFORMATION DOWN…………
YOU WILL NEED TO USE ANOTHER
DEVICE TO EMAIL US. YOUR
COMPUTER WILL NOT FUNCTION PROPERLY
UNTIL YOU PAY.
Your computer files have been encrypted moved to a hidden ENCRYPTED partition on your computer.
You must pay $100 USD within 24 hours or $150 after 24 hours in Bitcoin to get them back.
After 72 hours all files will be deleted including your operating system.
If you do not have Bitcoin visit www.LocalBitcoins.com to purchase them.
Email us if you need assistance or have paid.
Email: [email protected]
In the mean time, you will notice your computer will not respond to your commands.
Don’t worry… everything will be back to normal when you pay.
Once you pay all your files and programs will be decrypted, and your computer restored quickly.
Without the decryption password, you will not get them back, and your computer will not function properly.
Once payment is received you will get the decryption password and simple instructions to restore all
your files and computer to normal instantly. It takes about five minutes to restore everything to normal.
Once again… after 72 hours all files will be deleted including your operating system.
Email us if you need assistance or have paid.
Email: [email protected]
The same information is on your desktop.
DO NOT LOOSE THE CONTACT INFO
HINT: IF YOU CANT CLICK ON ANYTHING YOUR
MOUSE BUTTONS HAVE ALREADY BEEN REVERSED.
MORE CHANGES WILL COME UNTIL YOU PAY.

The wallpaper it sets looks similar to that of another ransomware, called Strictor.

TowerWeb Ransomware – Conclusion, Removal, and File Restoration

The bottom line is that this ransomware does not fool around, threatening to crash the operating system of the infected PC. This is why we recommend taking immediate action to stop it and trying to restore the files using the instructions below.

To remove TowerWeb ransomware, we strongly advise you to follow the removal manual below. For maximum effectiveness when removing TowerWeb ransomware, you may require an advanced anti-malware program.

To remove TowerWeb follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove TowerWeb files and objects
2. Find files created by TowerWeb on your PC

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by TowerWeb

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
