TowerWeb targets Windows OS and the method of distribution is currently unknown. It is a screen locker that pretends to be ransomware and, once its executable is launched, the infected system continuously reboots itself. However, this process can be stopped by entering shutdown -a in the command line prompt. It also swaps the functions of the left and right mouse buttons to frustrate the victim. TowerWeb only deletes files in the user’s profile, temp folder, and recycle bin and does not encrypt any files. TowerWeb demands a ransom payment of $100 to $125 USD but deleted files can be recovered using data recovery software.
- Bleeping Computer provides more information about TowerWeb here.
- Since TowerWeb does not encrypt files, no decryption tool is needed.