Thanksgiving Ransomware Virus (Removal Steps and Protection Updates)

The Thanksgiving ransomware is a new ransomware threat that is under development and an active investigation by malware researchers. To learn more about the strain continue reading our removal guide.


Name
Thanksgiving

File Extensions
Unknown

Ransom
Varies

Solution #1
You can skip all steps and remove Thanksgiving with the help of an anti-malware tool.

Solution #2
Thanksgiving ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below.

Distribution
Spam Email Campaigns, malicious ads & etc.

Thanksgiving Ransomware Description

The Thanksgiving ransomware is a new malware strain that is identified as a work-in-progress project by the malware researchers who reported the samples. Not much is known about the threat except information about its ransom note and the affected file type extensions. The Thanksgiving ransoomware affects a total of 1343 file type extensions which are then processed through the encryption module.

thanksgiving-ransomware-affected-files-bss-image

There are several text documents that have been identified with the threat:

lblMain.txt:

All files including videos, photos and documents on your computer have been encrypted by this software.

Encryption was produced using a unique key specific to your computer. The only way to obtain your files back is to decrypt them using the unique key specific to your computer.

Your unique key is stored on a TOR server which will automatically destroy itself after 1
week. After that, no one will be able to restore your files.

If this program is altered in any way without ransom being payed, your files be lost
forever.

Your files will be automatically decrypted once the payment is received.

This program automatically communicates with the server and will decrypt your files once
the payment has been received. Any questins, email me at: [email protected]. An
email needs to be sent when you have sent your payment with your IP address.

Another ransomware note with the file name lbFinallyText.txt reads the following:

The damage has been done. It does not matter whether you remove this program or not, your
data cannot be recovered by anay other means. Your system is useless. It will be even more
useless once you meet your due date.

– Attempting to close the program will delete a random file
-Cutting off your internet connection will delete a file
-Any attempt of removing the program will delete files

Once the payment has been received, your files will be decrypted automatically once we
receive an email from you.

Your system is unusable. We recommend using another device to navigate the internet for you
to be able to purchase bitcoins.

If this program is to ever dissapear, feel free to open it up again from where you saved it.

Another message named lbBitcoinInfoMain.txt explains the crypto currency to the user:

Bitcoins are a cryptocurrency. First of all, you need a wallet to store the bitcoins which you purchase.
Ordering 1% more bitcoins than the amount you are due is recommended due to wallet transfer rates.

Now you need to find a place to purchase bitcoins. Simply google search “buy bitcoins” and
purchase from the websites which appear in your google search. Make sure you place the
bitcoins into your own wallet before sending it to the instructed address.

Once you have the bitcoins, send them to the address specified above, and your files will
automatically be decrypted and the negative effects of this program will disappear.

Thanksgiving Ransomware Distribution

The Thanksgiving ransomware malware samples are still too few to name a single distribution method. However most likely attackers are going to use spam eamil campaigns in live attacks once the virus is completed.

Thanksgiving Ransomware Removal

For a faster solution, you can run a scan with an advanced malware removal tool and delete Thanksgiving completely with a few mouse clicks.

STEP I: Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they will be removed efficiently.

    1) Hit WIN Key + R

Windows-key-plus-R-button-launch-Run-Box-in-Windows-illustrated

    2) A Run window will appear. In it, write “msconfig” and then press Enter
    3) A Configuration box shall appear. In it Choose the tab named “Boot
    4) Mark “Safe Boot” option and then go to “Network” under it to tick it too
    5) Apply -> OK

Or check our video guide – “How to start PC in Safe Mode with Networking

STEP II: Show Hidden Files

    1) Open My Computer/This PC
    2) Windows 7

      – Click on “Organize” button
      – Select “Folder and search options
      – Select the “View” tab
      – Go under “Hidden files and folders” and mark “Show hidden files and folders” option

    3) Windows 8/ 10

      – Open “View” tab
      – Mark “Hidden items” option

    show-hidden-files-win8-10

    4) Click “Apply” and then “OK” button

STEP III: Enter Windows Task Manager and Stop Malicious Processes

    1) Hit the following key combination: CTRL+SHIFT+ESC
    2) Get over to “Processes
    3) When you find suspicious process right click on it and select “Open File Location
    4) Go back to Task Manager and end the malicious process. Right click on it again and choose “End Process
    5) Next you should go folder where the malicious file is located and delete it

STEP IV: Remove Completely Thanksgiving Ransomware Using SpyHunter Anti-Malware Tool

Manual removal of Thanksgiving requires being familiar with system files and registries. Removal of any important data can lead to permanent system damage. Prevent this troublesome effect – delete Thanksgiving ransomware with SpyHunter malware removal tool.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

STEP V: Repair Windows Registry

    1) Again type simultaneously the Windows Button + R key combination
    2) In the box, write “regedit”(without the inverted commas) and hit Enter
    3) Type the CTRL+F and then write the malicious name in the search type field to locate the malicious executable
    4) In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys

Further help for Windows Registry repair

STEP VI: Recover Encrypted Files

    1) Use present backups
    2) Restore your personal files using File History

      – Hit WIN Key
      – Type “restore your files” in the search box
      – Select “Restore your files with File History
      – Choose a folder or type the name of the file in the search bar

    restore-your-personal-files-using-File-History-bestecuritysearch

      – Hit the “Restore” button

    3) Using System Restore Point

      – Hit WIN Key
      – Select “Open System Restore” and follow the steps

restore-files-using-system-restore-point

STEP VII: Preventive Security Measures

    1) Enable and properly configure your Firewall.
    2) Install and maintain reliable anti-malware software.
    3) Secure your web browser.
    4) Check regularly for available software updates and apply them.
    5) Disable macros in Office documents.
    6) Use strong passwords.
    7) Don’t open attachments or click on links unless you’re certain they’re safe.
    8) Backup regularly your data.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

Was this content helpful?

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *