A decryptor for the ThunderX ransomware has been released by cybersecurity firm Tesorion that lets victims recover their files for free. ThunderX is a relatively new ransomware that became active towards the end of August 2020.

This week, Tesorion was able to find a flaw in the ransomware’s encryption so that victims can decrypt their files without paying a ransom. This decryptor can decrypt files encrypted by the ransomware’s current version and have the .tx_locked extension, as shown below.

To use the decryptor, you will also need to upload both a copy of the readme.txt ransom note and an encrypted file so that a decryption key can be generated.

The ThunderX Ransomware decryptor

To use the decryptor, you will need to upload both a copy of the readme.txt ransom note and an encrypted file to generate a decryption key.

Once you have the ransom note and encrypted files, download Tesorion’s ThunderX Ransomware decryptor and execute it. When prompted, agree with the license agreement, and you will see the following screen.

Click on File > Open and select the readme.txt ransom note. Then press ‘Send‘ to upload the ransom note to Tesorion.

You will now be prompted to upload an encrypted file. Please follow the instructions and upload a PPTX, DOCX, XLSX, or ZIP file.

Once you send the files, Tesorion’s servers will attempt to determine your decryption key. This process can take quite a while, so please be patient.

When done, a decryption key will be downloaded to the decryptor automatically, and you will be prompted to select a folder to decrypt.

To select a folder, click on the select button and select the root folder of a drive (C:, D:, etc) or a particular folder.

Then press the ‘Decrypt‘ button to decrypt all the files in that folder and its subfolders.

When finished decrypting, you will see a summary showing the number of files decrypted and those with problems.

The information contained in this website is for general information purposes only. The information is gathered from Bleeping Computer, while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.  Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them. Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.