What is Tohj ransomware?
Tohj is an illegal program made by cybercriminals to extort money. When Tohj infects the victim’s computer, it encrypts all files on it using a cryptographic algorithm. These encrypted files cannot be opened, edited, previewed, or otherwise accessed. As people often have important files on their computers, losing access to them can pose a serious issue. This is how hackers make money; they demand a large payment from the victim to decrypt the files and make them accessible again. This is why this type of programs is called ransomware.
When it comes to Tohj specifically, it is a part of the STOP/Djvu ransomware family. All viruses in this family are near-identical; you can compare Tohj with Aayu, another program in this family, to see for yourself. There are only three differences. First is the name of the virus. All STOP/Djvu viruses rename the files they encrypt, giving them a new extension. In this case, the .tohj file extension (this is how the virus got its name). Another difference is in the ransom note they leave. All of them are named “_readme.txt”, and contain identical demands, but the hackers’ contact information obviously differs. Check the image above to see Tohj ransom note. The final difference is the encryption algorithm.
However, it is likely that your interest is not purely theoretical. Practical instructions explaining how to remove Tohj ransomware and decrypt .tohj files can be found in the guide below.