What is Ransomware?
Ransomware is a type of malware that targets personal computers and mobile devices. Targets are typically individuals, but businesses and government offices are sometimes targeted as well. Ransomware encrypts all available data on the device, making it inaccessible unless a ransom is paid to the attacker in exchange for the decryption key that restores access to the data. Ransomware has also been called a cryptovirus because it uses cryptography (encryption) to hide its presence from antivirus software and even security researchers.
How Does Ransomware Spread?
Ransomware spreads by way of phishing emails. Emails containing malicious attachments, links, or the ransomware program itself are sent to targets, usually individuals. These emails may be crafted to appear legitimate and to appeal to certain recipients more than others.
Ransomware is also sometimes spread through vulnerabilities in operating-system software or through exploit kits that distribute malware on the internet (some of these vulnerabilities have nothing specifically to do with ransomware and can be used to deliver other kinds of malware).
How Does Tohnichi Ransomware Work?
Tohnichi Ransomware works by encrypting all the files on your device. You are then asked to pay a ransom in cryptocurrency, usually Bitcoin or Monero. If you refuse to pay, the attackers will not release your data, and it remains unusable until you pay them.
Tohnichi Ransomware usually targets mobile devices but can also target computers running older operating systems such as Windows XP and earlier.
Unlike other ransomware programs, Tohnichi Ransomware will not encrypt files with certain file extensions (.jpg, .wma, .wmv, etc.). This is intended to make it more effective as a means of extortion and to stop the victim from seeing which files are being encrypted and what kinds of files they have lost access to. The malware scans the entire device for file types it knows are not sensitive and leaves those unencrypted.
How to Remove Tohnichi Ransomware
Watch for ransomware arriving through your inbox or a website, then follow these steps to remove it:
1. First, back up all of your important files and folders before making any changes to your device. You can do this by copying the current state with the command-line tool robocopy (found in the System32 folder) or by using a service such as iCloud or Google Drive.
2. Next, reboot into Safe Mode with Networking if you're running Windows 10 and cannot boot normally without it; otherwise, skip to step 3. In Safe Mode with Networking the ransomware will not run, because it needs an internet connection, but all apps remain functional, so you can remove the malware from your device.
3. Once you've rebooted into Safe Mode, browse to C:\ProgramData and C:\Users\<USERNAME>\AppData\Roaming.
4. Delete all files within those two folders using a file manager such as Windows Explorer or Total Commander to remove Tohnichi Ransomware's malicious files and registry entries.
5. Then boot back into normal Windows mode and open your antivirus program of choice. Scan your computer and remove any malware that is found. After that, run a full scan of the entire system with the latest version of your antivirus program to remove any remaining malicious files.
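The removal procedure above, as an added PowerShell helper that is not part of the original article: it takes the backup with robocopy (the first step) and, rather than deleting everything in the two folders named in the later steps, lists the recently created executables and scripts found there, with their signature status and SHA-256 hash, alongside the Run registry keys, so each entry can be reviewed before removal. The backup destination, the review window, the extension list and the Run key paths are assumptions made for this example.

```powershell
# Added example (not from the original article): defender-side helper for the
# removal steps. Run from an elevated PowerShell as the affected user.
# $BackupRoot is an assumed external/network drive; adjust before use.
param(
    [string]$BackupRoot = "E:\IR-Backup",   # assumed destination drive
    [int]$LookbackDays  = 7                 # assumed review window in days
)

$ErrorActionPreference = "Stop"
$stamp = Get-Date -Format "yyyyMMdd-HHmmss"
$dest  = Join-Path $BackupRoot "$env:USERNAME-$stamp"
$null  = New-Item -ItemType Directory -Path $dest -Force

# Step 1: snapshot the profile with robocopy. /E copies subfolders, /COPY:DAT
# keeps data, attributes and timestamps, /R:1 /W:1 avoids long retries on locked
# files, /XJ skips junction loops, /XD excludes the AppData folders inspected below.
robocopy "$env:USERPROFILE" $dest /E /COPY:DAT /R:1 /W:1 /XJ `
    /XD "$env:APPDATA" "$env:LOCALAPPDATA" /LOG:"$dest\robocopy.log"
# robocopy exit codes below 8 mean the copy succeeded (possibly with skipped files).
if ($LASTEXITCODE -ge 8) { throw "robocopy reported failures, see $dest\robocopy.log" }

# Steps 3-4: enumerate review candidates in the two folders the article names.
# Only recently created executables/scripts are listed; nothing is deleted here.
$folders = @("$env:ProgramData", "$env:APPDATA")   # C:\ProgramData and ...\AppData\Roaming
$exts    = @(".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js", ".ps1")  # assumed list
$since   = (Get-Date).AddDays(-$LookbackDays)

$candidates = foreach ($f in $folders) {
    Get-ChildItem -Path $f -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Extension -in $exts) -and ($_.CreationTime -gt $since) } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
            $hash = Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                SizeKB    = [math]::Round($_.Length / 1KB, 1)
                Signature = if ($sig) { $sig.Status } else { "Unknown" }
                SHA256    = if ($hash) { $hash.Hash } else { "" }
            }
        }
}

# The article mentions registry entries; the per-user and machine Run keys are
# the usual autostart locations to check (assumed set, extend as needed).
$runKeys = @(
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\Run"
)
$autoruns = foreach ($k in $runKeys) {
    if (Test-Path $k) {
        (Get-ItemProperty -Path $k).PSObject.Properties |
            Where-Object { $_.Name -notlike "PS*" } |
            ForEach-Object { [pscustomobject]@{ Key = $k; Name = $_.Name; Command = $_.Value } }
    }
}

# Show the findings and keep a CSV record next to the backup for the review.
$candidates | Sort-Object Created -Descending | Format-Table -AutoSize
$autoruns   | Format-Table -AutoSize
$candidates | Export-Csv -Path (Join-Path $dest "candidates.csv") -NoTypeInformation
$autoruns   | Export-Csv -Path (Join-Path $dest "autoruns.csv")   -NoTypeInformation
```

Run it from Safe Mode with Networking before taking any action in the two folders; the candidates.csv and autoruns.csv files sit beside the robocopy log so the review decisions and the pre-change state are preserved together.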
How to Protect My Computer From Ransomware
The best and most secure way to protect your computer from ransomware is to always have current antivirus software installed. In addition, make sure that your operating system software is kept up to date as well.