Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Aug 2018

How to remove Torchwood ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Olivia Morelli · Ransomware analyst

Torchwood ransomware – an old file-encrypting virus which has been active since 2013

Torchwood ransomware

Torchwood ransomware is one of the oldest file-encrypting cyber threats which started its activity in 2013. This dangerous virus manages to infect computer systems which are not protected appropriately. Additionally, cybercrooks modify various system settings manually, and, when the process is completed, the Torchwood virus drops its hazardous payload and starts the encryption. Files are locked with the .TRCHWD, .torchwood, or .TORCHWOOD extensions by using an AES cipher[1]. After that, crooks display a ransom note which urges victims to show contact via torchwood0000@yandex.com email address and pay the demanded ransom to receive a decryption code for blocked documents.

Name  Torchwood
Type Ransomware
Active since 2013
Extensions TRCHWD, .TORCHWOOD, .torchwood
Email torchwood0000@yandex.com
Dangers Encrypts important documents, might make the system more vulnerable for other infections
Cipher used AES
Elimination Install FortectIntego

Torchwood ransomware encrypts files such as:

  • Audio;
  • Video;
  • Image;
  • PDFs;
  • Databases;
  • Spreadsheets;
  • etc.

Once such data is locked, users are not able to access it as Torchwood ransomware changes its structure by using a unique code. Both decryption and encryption keys are stored on external servers and kept out of reach for anyone except the criminals themselves. Without having decryption keys, the recovery process is almost impossible to even for highly-experienced IT specialists.

However, we do not recommend contacting the crooks or paying the demanded price. No matter it might seem like the easiest way to get your files back, malware researchers[2] have warned victims that they can be left scammed and face financial losses. If you happen to spot encrypted files with the beforementioned appendixes, you need to remove Torchwood virus from your computer system at first. For such purpose, we advise installing anti-malware help such as FortectIntego or any other trustworthy computer fixing program.

Dealing with ransomware threats is never a good idea as some ransomware-type viruses[3] can also decrease system protection or even disable the antivirus program. Beware that such processes can increase the risk of various computer infections. If you want to avoid such damaging consequences, you need to perform the Torchwood ransomware removal as soon as you spot the first symptoms.

Taking into account the ransom fee, note that it can differ each time for every victim. However, it is known that cybercrooks are very likely to use cryptocurrency, e.g., Bitcoin, Monero, Dash. 

Here is the extraction for the Torchwood virus ransom message:

Attention!
If you read this message, then you already guessed that there is something wrong with the computer.
We are obliged to inform you about not the most pleasant news:
All your information (documents, databases, backups and other files) on this computer has been encrypted.
All encrypted files have the extension .TORCHWOOD
This encoder is completely crack-resistant, so you can restore files only by having a unique decoder for your PC.
Changing the operating system, installing antivirus software and contacting decryption specialists will only take your time.
Without a decoder this problem will not be solved by any system administrator in the world.
Just in case, we warn:
Do not change files and do not use other decoders, otherwise, you can lose your data forever.
If you still want to try to solve the problem yourself, then do it on a copy so that later there are no claims to us.

To find out how to get the decoder, write us an email to torchwood0000@yandex.com
Please duplicate all your emails to the address – torchwood@66.ru
If we did not respond within 6 hours, please resend the email.

In the letter, enter the number – [user ID] or paste the text from the file INSTRUCTION_PROFILING_FILE.txt
In the reply email, you will receive all instructions.'

Torchwood virus

Ransomware distributes through phishing emails

If you have a ransomware infection in your computer, there is a big chance that it might have come from a spam email that you have opened recently and managed to launch an attachment that was clipped to it. You need to be careful with such phishing messages as they might come legitimate-looking. However, if you ever receive spam and you are not expecting anything important at the moment, get rid of all questionable emails permanently.

Additionally, we advise increasing your computer system protection automatically. What you need to do is download and install antivirus protection on your PC. Make sure you chose an expert-tested and trustworthy program to achieve best results. Once you install the antivirus, check it regularly and ensure that all required updates are performed from time to time. If taken care of properly, this security tool will let you avoid various dangerous malware infections that can enter computer systems unnoticed.

Get rid of Torchwood ransomware

If you want to remove Torchwood ransomware from your affected computer system, you need to make sure that you pick the right elimination tool for this purpose. We suggest using FortectIntego, SpyHunterCombo Cleaner, or MalwarebytesMalwarebytes. However, you can feel free to use any tools that you have on your computer as long as they function properly and are tested by IT experts.

There is no possibility to perform the Torchwood ransomware removal manually if you do not have enough experience in such a sphere. Better chose to do it with the help of a trustworthy tool, the process will be completed safely and will not require much of the user's effort. Once its done, make sure you carry out some system backups to check if all virus-related components have been removed successfully.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.