Ransomware test subject – TFlower
TFlower ransomware is targeting businesses as we speak. Hackers are infiltrating poorly secured infrastructures or services and manually execute the malware. We’ve seen this kind of attack increase lately, and there are legitimate reasons to worry. Just today, a Danish hearing aid manufacturer announced that they might end up losing a whopping $80 to $95 million because of a suspected ransomware attack. Earlier this year, the Norwegian aluminum and renewable company Norsk Hydro announced losses of $41m because of LockerGoga ransomware.
TFlower ransomware – test findings
TFlower, once launched on a corporate asset, will encrypt data by replacing the contents of the original file without renaming it. We call these types of ransomware “replacers”. It will even display a console with its progress. It will also delete shadow volume copies of files, a backup system offered by Windows. Then, it will disable the operating system’s recovery features and environment. To encrypt as many files as possible, TFlower will also terminate processes that might prevent the editing of files, like Outlook, as it will also encrypt email data files. Finally, basic ransom notes are dropped, containing just a few lines of text, including two email addresses.
TFlower ransomware vs Ranstop – test results
TEMASOFT Ranstop detects this version of TFlower ransomware soon after it starts encrypting files. Upon detection, alerts are triggered, and the malware process is blocked and quarantined. The affected files are automatically restored so that the user doesn’t lose any important document.
Because the hacker has already gained access to one PC, the attack usually does not stop here. Using other tools, the hacker will try to infect as many company PCs as possible, endangering the entire business.
Companies should take as many precautions as necessary to prevent ransomware infections because targeted attacks, as we predicted earlier this year, are increasing. The financial hit, once such an attack happens, might be so catastrophic, that some businesses might never recover. Such precautions include hardening security policies, user security awareness, and using dedicated anti-ransomware solutions.
About TEMASOFT Ranstop
TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.
For more information, follow us on social media and subscribe to our newsletter.