The Torchwood Ransomware is a file-encryption Trojan, which has been active in Russia for the past few years, and it seems that its authors update it regularly to reduce the number of anti-malware programs that detect it, as well as make sure that the encryption algorithm works flawlessly and is impossible to crack. The latest edition of the Torchwood Ransomware targets mostly servers, and its attackers rely on finding and exploiting vulnerable remote desktop software and services. By doing this, they can execute the Torchwood Ransomware manually, encrypt the victim’s files, and then remove any traces of their presence.

When the Torchwood Ransomware is launched, it will begin to encrypt a broad range of files such as Microsoft documents & spreadsheets, text files, databases, photos, songs, videos, archives, PDFs, etc. immediately. Whenever a file is encrypted, the Torchwood Ransomware will add the ‘.TRCHWD’ extension to its name (previous variants used either ‘.TORCHWOOD’ or ‘.torchwood’). The ransom note is dropped at the end of the attack, and it is situated in the file ‘ИНСТРУКЦИЯ.txt’ (translates to ‘INSTRUCTIONS’) usually.

The ransom note tells the victims that they can get one of their files (under 10MB) unlocked for free, but they will need to pay money to get the rest of their data decrypted. It also provides a victim ID and two e-mail addresses, which should be used to get in touch with the perpetrators – [email protected] and [email protected]. Even if you contact the ransomware’s operators and they restore your file, you should not agree to follow the rest of their instructions. They are likely to demand a hefty ransom payment, which should be sent via Bitcoin or a similar cryptocurrency. These transactions are irreversible and impossible to track so that the risk of being tricked is huge.

If the Torchwood Ransomware has damaged your computer, then we advise you to disregard the demands of the attackers and eliminate the threatening program with the help of a trustworthy anti-virus application immediately. Sadly, removing the ransomware will not recover the encrypted files, and you might need to resort to using 3rd-party file recovery tools and techniques.
[template:aliases][template:removal][template:technical_title][template:files][template:registry][template:additional]