
posted by Fnord666 on Friday September 20 2019, @09:27AM   Printer-friendly
from the latest-and-greatest? dept.

Submitted via IRC for SoyCow2718

TFlower Ransomware - The Latest Attack Targeting Businesses

The latest ransomware targeting corporate environments is called TFlower and is being installed on networks after attackers hack into exposed Remote Desktop services.

With the huge payments being earned by ransomware developers as they target businesses and government agencies, it is not surprising to see new ransomware being developed to take advantage of this surge in high ransoms.

Such is the case with the TFlower ransomware, which was discovered in the wild in early August. At the time it was just thought to be another generic ransomware, but sources who have performed incident response involving this ransomware have told BleepingComputer that its activity is beginning to pick up.

TFlower is being installed in a corporate network through exposed Remote Desktop services that are being hacked by attackers.

Once the attackers gain access to a machine, they will infect it directly or may attempt to move laterally across the network using tools such as PowerShell Empire, PsExec, etc.

When executed, the ransomware will display a console that shows the activity being performed by the ransomware while it is encrypting a computer.

[...] When done encrypting a computer, it will send another status update to the C2 in the form of:

https://www.domain.com/wp-includes/wp-merge.php?name=[computer_name]&state=success%20[encrypted_file_count],%20retry%20[retried_file_count]
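The completion beacon above has a recognizable shape (a fixed PHP path plus `name` and `state` parameters, with the encrypted and retried file counts packed into `state`), which makes it a reasonable thing to hunt for in web proxy logs. The following is an added example, not code from the article or from BleepingComputer, that parses that URL shape and reports any matching requests in a handful of constructed proxy log lines; the log format, hostnames, client addresses and counts are all assumptions made for the example.

```python
import re
from urllib.parse import urlparse, parse_qs

# Shape of the TFlower completion beacon as reported in the article:
#   https://<host>/wp-includes/wp-merge.php?name=<computer_name>&state=success%20<n>,%20retry%20<m>
# Everything else here (log line format, hostnames, IPs, counts) is constructed for this example.
BEACON_PATH = "/wp-includes/wp-merge.php"
STATE_RE = re.compile(r"^(?P<state>\w+)\s+(?P<encrypted>\d+),\s*retry\s+(?P<retried>\d+)$")


def parse_tflower_beacon(url):
    """Return a dict describing the request if it has the TFlower status-update
    shape (beacon path plus both name and state parameters), otherwise None."""
    parsed = urlparse(url)
    if not parsed.path.endswith(BEACON_PATH):
        return None
    qs = parse_qs(parsed.query)  # parse_qs already decodes %20 into a space
    name = qs.get("name", [None])[0]
    state = qs.get("state", [None])[0]
    if name is None or state is None:
        return None  # ordinary wp-includes traffic does not carry this parameter pair
    hit = {
        "host": parsed.netloc,
        "computer_name": name,
        "state": state,
        "encrypted": None,
        "retried": None,
    }
    # Pull the file counts out of a "success <n>, retry <m>" state; other state
    # strings are kept verbatim so the hit is still reported for review.
    m = STATE_RE.match(state.strip())
    if m:
        hit["state"] = m.group("state")
        hit["encrypted"] = int(m.group("encrypted"))
        hit["retried"] = int(m.group("retried"))
    return hit


def scan_proxy_log(lines):
    """Scan proxy log lines of the constructed form
    '<timestamp> <client_ip> <method> <url> <status>' and return one hit per beacon,
    tagged with the internal client that sent it."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated line; skip rather than crash the scan
        hit = parse_tflower_beacon(fields[3])
        if hit:
            hit["timestamp"] = fields[0]
            hit["client_ip"] = fields[1]
            hits.append(hit)
    return hits


# Constructed sample: one benign WordPress asset fetch, one beacon, one near-miss path.
SAMPLE_LOG = [
    "2019-09-18T10:01:02Z 10.0.0.5 GET https://blog.example.net/wp-includes/js/jquery.js 200",
    "2019-09-18T10:01:09Z 10.0.0.5 GET https://blog.example.net/wp-includes/wp-merge.php?name=WS-FIN-07&state=success%2017,%20retry%202 200",
    "2019-09-18T10:01:11Z 10.0.0.9 POST https://intranet.example.net/wp-merge.php?name=x 404",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Matching on the full `/wp-includes/wp-merge.php` path with both parameters present, rather than on `wp-merge.php` alone, keeps legitimate WordPress traffic out of the results; a hit here identifies the internal host that finished encrypting, which is the machine to isolate first.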

Victims will then find ransom notes named !_Notice_!.txt placed throughout the computer and on the Windows Desktop. This ransom note instructs victims to contact the flower.harris@protonmail.com or flower.harris@tutanota.com email addresses for payment instructions.

It is not known how much the ransom amounts are at this time.

TFlower is still being researched, so it is not known at this time if there are any weaknesses in the encryption that could allow a user to get their files back for free.
