Learn to Remove ThunderCrypt Ransomware and Restore Your Files

It is a sad day today for me since my computer was suddenly hit by a ransomware called ThunderCrypt. I did not realize its coming until I saw the notification popped up on my desktop. It encrypted all my personal files and required me to buy the private key to recover my files. This is my first time to get attacked by ransomware and I am really afraid of losing my files forever. What can I do now? Please give me some suggestion.


Ransomware is a type of fearsome computer threat that almost PC users want to avoid. However, sometimes even though users have safeguarded their machines with an excellent antivirus program, they may get attacked by ransomware, having their important files encrypted and being threatened to lose their files permanently if the required ransom isn’t paid. But it should be noted that, paying the ransom may not be able to get your files back, and this will encourage more ransomware attacks. Therefore, we highly recommend you get rid of the ransomware that has infected your PC first and then try other ways to restore your files.

SpyHunter is recommended to remove ThunderCrypt ransomware. It is a professional malware removal tool which can detect and remove various types of malware on your PC.

remove thundercrypt now

ThunderCrypt Description

ThunderCrypt is another strain of ransomware that attacks computers and encrypts files by using advanced cryptography for ransom. Research shows that this ransomware was identified in the first week of May 2017. It targets many types of files from different directories, including Adobe documents, Microsoft Office documents, video files, audio files, images, archives, spreadsheets, compressed archives, zipped folders and others. It encrypts them using the RSA-2048 encryption algorithm. Those files encrypted will be renamed and become inaccessible without a private key. The cyber hackers behind this ransomware require the victims to make a payment of 0.345 Bitcoin (about 648 USD) in exchange for the private key. If the payment is not paid before the deadline, the private key will be erased from the server where it is stored and the victims will lose their encrypted files forever.

Below is a screenshot of the ransom note which will be displayed on the victims’ computer desktop after the ransomware gets installed on the target computers and finishes the file encryption.

ransom note

How Does the Ransomware Enter Your PC?

Most ransomware spreads by means of spam emails. ThunderCrypt is no exception. Its authors send thousands of spam emails to random email users. The emails contain messages of different topics, attempting to lure the recipients into clicking on the malicious attachments. For example, a user would receive an email containing subject like “invoice” and an attached file (actually it is a macro-enabled document). Once the user is scammed and opens the attachment, he will trigger the downloading of the ransomware.

Besides, ThunderCrypt can be distributed through fake Adobe Flash player update. Users may be shown a popup window, requiring them to install the latest version of Adobe Flash Player; however, it is a fake update file which acts as an installer for the ransomware. Once the update file is downloaded and launched, the ransomware will be activated and start performing its malicious activities on the victims’ computers.


Should You Pay the Ransom?

We do not recommend paying the ransom because there is no way to be sure that the cyber hackers will give you the private key after taking your money. It is possible that you lose both your personal files and money. Besides, paying the ransom will only breed more ransomware attacks.


Therefore, we suggest that you do not pay the ransom. Instead, you should quickly get rid of ThunderCrypt ransomware and use other methods to restore your files.

ThunderCrypt Ransomware Removal Instruction

At the mention of ransomware removal, you may think of system restore and antivirus program. Indeed, system restore is a Windows feature that can help fix certain types of computer problems, like crashing, blue screen of death, and malware infections. However, ThunderCrypt will delete the system’s restore points upon its installation, so this method cannot be used to delete the ransomware. As the ransomware can hide its traces deep in the system, manual removal is also impractical for general PC users. Therefore, we highly recommend using an advanced anti-malware program to perform the removal of ThunderCrypt ransomware.

Our top pick is: SpyHunter

SpyHunter is an advanced anti-malware program that blocks, detects, and removes many types of malware like Trojans, worms, viruses, browser hijackers, adware, rootkits, keyloggers, ransomware and more from your PC. With the latest technologies, SpyHunter has effectively helped a large number of computer users fix their malware problems. Besides, SpyHunter provides 7X24 online tech support to help users resolve problems that can’t be fixed by the tool automatically. Fore more details about SpyHunter, click here.


To begin with, you need to download and install SpyHunter on your PC.

Click on the button below and save the setup file on your PC.


Locate and double click on the file downloaded and then click the Run button when a dialog box pops up as below.


click run

Select your language and click the OK button.

select language

Click CONTINUE to proceed.

click continue

Click I accept the EULA and Policy and click the INSTALL button.

accept terms and agreements

Wait for the installation of SpyHunter to be completed.


Click the FINISH button when SpyHunter is successfully installed.

click finish

Next, Reboot the computer into Safe Mode with Networking.

Open Start menu, go to Shut down and click Restart


Tap F8 key repeatly before the Windows logo appears. F8 key is to initiate Advanced Boot Options menu.

When the Advanced Boot Options screen appears, select Safe Mode with Networking by using the up and down arrow keys and then hit the Enter key.


Then, run SpyHunter to kill ThunderCrypt ransomware and other existing threats.

Double click the icon of SpyHunter to run it. On its main screen, click the Scan Computer Now button to do a full system scan.

scan computer now

SpyHunter now will start scanning the entire system for any existing threats.

scanning process

When the scanning is done, SpyHunter will show all detected threats, the malicious ransomware, browser hijackers, and other potentially unwanted programs. Click the Fix Threats button and SpyHunter will completely remove all found threats.


Finally, restart the computer and run a system scan once again.

Click the Start menu, go to Shut down and click Restart. Once the Windows has logged in, run SpyHunter and conduct a full system scan again. If there are still any threats detected, remove them. If no threats are detected. Then, proceed to the next step.


* SpyHunter’s free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. In case you cannot remove the ransomware using this tool, please contact the tech support for further help.

How to Restore Your Files?

If you don’t want to pay the ransom, you can try the following methods to restore your files.

Method 1: Use the Backups

The precondition to use this method is that you make a backup of your files before the ransomware attack. If you have, you can easily restore your files from a backup by following the steps below.

1. Click the Start menu, type backup into the search text box and click Backup and Restore from the resulting list.


2. In the popup window, find and click the Restore my files button.

resore my files3. Now you can browse for the file or folder you have recently backed up.

browse for folders

4. You can restore them back to the original location or choose a different place. click Restore and the system will start restoring your files.


Method 2: Use Shadow Volume Copies

Another method is to use Shadow Volume Copies. If the ransomware hasn’t time to delete your shadow copies, and you notice and delete it in the first place, you might be able to restore your files with this method. See the detailed guide here.

Method 3: Use a Decryption Tool

So far, there isn’t a specialized tool created to help decrypt the files encrypted by ThunderCrypt ransomware. But you still can try Kaspersky’s decryption tool and Trend Micro’s ransomware file decryptor.

Precaution Is Better Than Cure

Ransomware uses email scams and take advantage of vulnerabilities found in your operating system, web browsers and other software to access your computer. It can encrypt all important files stored on your hard drives and demand ransom for recovery of them. The ransom can be so high that you cannot afford or are unwilling to pay. Therefore, it is best for you to take preventative measures against ransomware. Here are a few tips to help keep you away from the ransomware or avoid being threatened by it:

  • Making a backup of your important files is the best solution in a fight against ransomware. If you are unluckily hit by a file-encrypting ransomware, you no need to worry – you can just remove the ransomware and restore your files from the backup. But make sure that you back up your files to an external hard-drive or any other backup appliance. Besides, if you have websites, do not forget to back up the website databases, since some ransomware will also target websites.
  • Ransomware often attacks your computer by exploiting system holes and vulnerabilities in your software. So, make sure you use legitimate version of operating system and software, and keep them updated regularly. You can open Control Panel and go to Windows Update to see if the machine is set to automatically install updates. If not, configure it immediately.
  • Install a reliable anti-malware program and update it regularly. Besides, ensure you Windows firewall is running when browsing the Internet. With an anti-malware program and firewall running, you can block 97% malicious attacks and save you much trouble.
  • Configure the spam filter to block attachments with suspicious extension like .exe to restrict access to spam emails which could bring ransomware.
  • Ransomware often uses macros to attack your PC, so please disable macros on your entire network. You can use the new blocking feature in Office 2016 and disable it via a Group Policy or on an individual basis.
  • Follow the safe surfing rules. Do not visit unknown or trustless websites; be careful of any window that pops up out of nowhere and requires you to download and install updates for Adobe Flash Player or your web browsers; avoid clicking on any questionable links or adverts when browsing the web; download software only from the trustworthy sources, if possible, go to the official websites to download the software you need.

Cyber hackers are inventing new ways of attacking your computer every day. Your computer can be the target of ransomware and other types of malware if you are not careful enough. This is the reason why we recommend PC users to choose and install an advanced anti-malware program to protect their computers.

If you have unfortunately become a victim of ThunderCrypt ransomware and have difficulty in removing it, please click the button below to download an exclusive malware removal tool to clean this malicious threat out of your PC. In case you have any further problem about the ransomware or need technical support, please refer to the Spyware HelpDesk on the main screen of the tool.


Share Button