
Towz virus is ransomware that belongs to the ransomware family called STOP (Djvu). Ransomware is a form of malware that encrypts the victim’s files and demands a ransom for decrypting them. The Towz virus encrypts files, renames them by appending the .towz extension, and creates files named “_readme.txt” containing the ransom demand message. For example, a file named “image.jpg” will be renamed to “”, a “document.docx” file to “”, “invoice.pdf” to “”, and so on.

Towz ransomware is malware created with the intent to encrypt files located on the victim’s computer and then extort money to decrypt them. This virus sneaks into the system without any visible symptoms, which is why users notice that their computer is infected too late, when the files are already encrypted. Typically, ransomware like Towz can infect a computer when installing programs downloaded from torrent websites, as well as when running cracked games, freeware, key generators and other similar software.

Upon execution, the Towz virus creates a directory in the Windows system directory, copies itself to this directory, changes some OS settings, and also collects information about the infected computer. After that, the Towz virus tries to connect to its command server. If this succeeds, the virus sends data about the infected computer to the server and receives from it a key (the so-called ‘online key’) necessary for file encryption. If the connection to the command server has not been established, then the virus uses a fixed key (the so-called ‘offline key’).

There is a significant difference between an “online key” and an “offline key”. The online key is unique for each computer, that is, the key for decrypting files from one computer will not help decrypt files on another computer. The offline key is the same for all computers, so it can be used to decrypt files no matter where they were encrypted.

A Towz file is a file that has been encrypted by the Towz ransomware, and therefore the contents of this file are locked. Each file that has been affected by the virus is renamed in such a way that the ‘.towz’ extension is added to its old name on the right. This means that if the file was named ‘document.docx’, then after it is encrypted it will be called ‘’.
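For incident scoping, the two on-disk indicators named here (the .towz extension and the “_readme.txt” note) can be inventoried per directory. The following is an added example, not part of the original page: the function names and the sample tree are constructed for illustration, and the sample files are empty placeholders.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".towz"      # extension named on this page
RANSOM_NOTE = "_readme.txt"  # ransom note file name named on this page


def triage(root):
    """Walk root and record, per directory, renamed files and ransom notes."""
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == RANSOM_NOTE:
                report[dirpath]["note"] = True  # matched by name only
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # The extension is appended on the right, so stripping it
                # recovers the file's previous name for the inventory.
                original = name[: -len(ENCRYPTED_EXT)]
                report[dirpath]["encrypted"].append((name, original))
    return dict(report)


def summarize(report):
    """Return (renamed file count, dirs with a note, dirs with hits but no note)."""
    total = sum(len(d["encrypted"]) for d in report.values())
    with_note = sorted(p for p, d in report.items() if d["note"])
    no_note = sorted(p for p, d in report.items() if d["encrypted"] and not d["note"])
    return total, with_note, no_note


def build_sample_tree(base):
    """Constructed sample data: empty placeholder files, not malware output."""
    docs = os.path.join(base, "Documents")
    pics = os.path.join(base, "Pictures")
    os.makedirs(docs)
    os.makedirs(pics)
    for path in (os.path.join(docs, "report.xlsx.towz"),
                 os.path.join(docs, RANSOM_NOTE),
                 os.path.join(docs, "untouched.txt"),
                 os.path.join(pics, "holiday.PNG.TOWZ")):
        open(path, "w").close()
    return docs, pics


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        total, with_note, no_note = summarize(triage(tmp))
        print(f"{total} renamed files; notes in {with_note}; no note in {no_note}")
```

Directories that hold renamed files but no note are worth a closer look, since they may indicate that encryption was interrupted or that the note was removed.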
