
Researchers report growing activity of TFlower, another ransomware that uses RDP

According to Bleeping Computer, the activity of TFlower, a ransomware that focuses on corporate networks and uses RDP to get in, has started to gain momentum.

The malware first appeared in late July and is installed on a system after an attack aimed at gaining access to the Remote Desktop service.

“With the huge payments being earned by ransomware developers as they target businesses and government agencies, it is not surprising to see new ransomware being developed to take advantage of this surge in high ransoms. Such is the case with the TFlower ransomware”, reports a Bleeping Computer journalist.

Currently, TFlower is distributed to victims as a chilli.exe file and encrypts data using the AES algorithm in CBC mode. It is also able to remove Windows shadow copies, disable the Windows 10 recovery tools and forcibly terminate the Outlook.exe process in order to reach its files.

The malware displays its encryption progress in the console; once this task has started, it connects to the control center and updates its status. While searching for and encrypting the victim’s files, TFlower skips the Windows folder and the “Sample Music” folder (located at C:\Users\Public\Public Music\Sample Music).

The newcomer does not use its own extension for encrypted files; it only adds the *tflower marker and the encryption key to them. After completing its work, the malware reports this to the C&C server, and ransom notes named !_Notice_!.txt appear on the infected machine in every folder containing modified files as well as on the desktop.
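The two indicators the article names, the !_Notice_!.txt ransom note and the *tflower marker added to encrypted files, are enough for a first triage sweep of a file share. The following scanner is an added example written for this page, not code from the article or from Bleeping Computer; it assumes the marker sits near the start or end of a file (the article does not say where), and the sample directory tree it builds is constructed, not a real infection.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article: the ransom note name and the marker
# TFlower adds to every file it encrypts.
RANSOM_NOTE = "!_Notice_!.txt"
MARKER = b"*tflower"
HEAD_TAIL = 64  # bytes inspected at each end; marker position is an assumption


def has_marker(path: Path) -> bool:
    """True if the *tflower marker appears in the first or last HEAD_TAIL bytes."""
    try:
        size = path.stat().st_size
        with path.open("rb") as fh:
            head = fh.read(HEAD_TAIL)
            fh.seek(max(0, size - HEAD_TAIL))
            tail = fh.read(HEAD_TAIL)
    except OSError:
        return False
    return MARKER in head or MARKER in tail


def scan_for_tflower(root: str) -> dict:
    """Walk a tree and collect ransom notes and files carrying the marker."""
    notes, marked = [], []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if name == RANSOM_NOTE:
                notes.append(str(p))
            elif has_marker(p):
                marked.append(str(p))
    return {"ransom_notes": sorted(notes), "marked_files": sorted(marked)}


def build_sample_tree() -> str:
    """Constructed sample share: one untouched file, two marked files, one note."""
    root = Path(tempfile.mkdtemp(prefix="tflower_demo_"))
    (root / "docs").mkdir()
    (root / "readme.txt").write_bytes(b"plain, untouched text\n")
    (root / "docs" / "q3.xlsx").write_bytes(b"\x00" * 128 + b"*tflower<key-placeholder>")
    (root / "docs" / "plan.docx").write_bytes(b"*tflower<key-placeholder>" + b"\x00" * 128)
    (root / "docs" / RANSOM_NOTE).write_text("constructed ransom note text\n")
    return str(root)


if __name__ == "__main__":
    result = scan_for_tflower(build_sample_tree())
    print(f"ransom notes: {len(result['ransom_notes'])}, marked files: {len(result['marked_files'])}")
```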

For instructions on recovering files, the ransomware operators ask victims to contact them by email at @protonmail.com or @tutanota.com addresses.


When TFlower debuted, its operators demanded 15 bitcoins per decryption key. Since the end of August, they have stopped stating the size of the ransom in their messages. At present it is impossible to recover files without paying the ransom: analysts are studying the malicious code but have not yet found any weaknesses in its encryption scheme.

Internet-accessible RDP services are a very popular attack vector among distributors of ransomware targeting corporate environments. SamSam, Scarabey, Matrix, Dharma and Nemty have all used a similar infection method this year.
