Blog

Ranstop blocks TFlower ransomware

Ransomware test subject – TFlower

TFlower ransomware is targeting businesses as we speak. Hackers are infiltrating poorly secured infrastructures or services and manually execute the malware. We’ve seen this kind of attack increase lately, and there are legitimate reasons to worry. Just today, a Danish hearing aid manufacturer announced that they might end up losing a whopping $80 to $95 million because of a suspected ransomware attack. Earlier this year, the Norwegian aluminum and renewable company Norsk Hydro announced losses of $41m because of LockerGoga ransomware.

TFlower ransomware – test findings

TFlower, once launched on a corporate asset, will encrypt data by replacing the contents of the original file without renaming it. We call these types of ransomware “replacers”. It will even display a console with its progress. It will also delete shadow volume copies of files, a backup system offered by Windows. Then, it will disable the operating system’s recovery features and environment. To encrypt as many files as possible, TFlower will also terminate processes that might prevent the editing of files, like Outlook, as it will also encrypt email data files. Finally, basic ransom notes are dropped, containing just a few lines of text, including two email addresses.

TFlower ransomware vs Ranstop – test results

TEMASOFT Ranstop detects this version of TFlower ransomware soon after it starts encrypting files. Upon detection, alerts are triggered, and the malware process is blocked and quarantined. The affected files are automatically restored so that the user doesn’t lose any important document.

Because the hacker has already gained access to one PC, the attack usually does not stop here. Using other tools, the hacker will try to infect as many company PCs as possible, endangering the entire business.

Companies should take as many precautions as necessary to prevent ransomware infections because targeted attacks, as we predicted earlier this year, are increasing. The financial hit, once such an attack happens, might be so catastrophic, that some businesses might never recover. Such precautions include hardening security policies, user security awareness, and using dedicated anti-ransomware solutions.


Click here to watch TEMASOFT Ranstop blocking TFlower ransomware (video)!

Learn how to protect against ransomware!

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

For more information, follow us on social media and subscribe to our newsletter.


 
 

This post was last modified on August 21, 2023 7:26 am

FM Team

Share
Published by
FM Team

Recent Posts

The Role of File Monitoring Solutions in Maintaining File Integrity

In the digital world, information is often stored and transferred through files. From the most…

May 12, 2023

Guide to Conducting an Efficient File Access Permissions Audit for Admins and Technology Managers

Introduction Data security is more important than ever in today's fast-paced digital world. One critical…

April 9, 2023

File Integrity Monitoring: What It Is and Why It Matters

Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…

March 5, 2023

Monitoring Essential Microsoft IIS Server Configuration Files for Enhanced Security

Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…

February 25, 2023

Tracking file changes helps admins solve server configuration problems

File tracking is an important aspect of server administration, and it can help administrators detect…

February 1, 2023

Three reasons why admins should use file monitoring solutions

File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…

January 6, 2023