TFlower Ransomware is attacking businesses and organizations

TFlower is the most recently detected ransomware targeting the corporate sector.

The attackers target exposed Remote Desktop services and use them to plant the ransomware. TFlower was detected around early August this year. It gains access to target systems through exposed RDP. After gaining access to a machine, the attacker compromises it and tries to traverse the entire network to which the machine is connected. Execution starts with a console that shows the tasks the ransomware is performing, and encryption takes place at the same time.

After encryption starts, the ransomware connects back to its C2 (command and control) server and sends a status update. After the attack completes, users will find a note named !_Notice_!.txt placed throughout the system. The note notifies users that their data has been encrypted and that the company will have to pay the ransom in order to receive the decryption key. The note also contains two email addresses through which the company should contact the attacker.
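An added triage example, not part of the original article: this Python script walks a directory tree for the ransom note name given above and reports which directories contain it and when each note was written. Treating the note's modification time as a rough marker of when a folder was hit is an assumption, as are the function names.

```python
import os
from datetime import datetime, timezone

NOTE_NAME = "!_Notice_!.txt"  # ransom note file name given in the article


def find_ransom_notes(root):
    """Walk root; return (hits, errors), hits = [(directory, note_mtime_utc)]."""
    hits, errors = [], []
    # followlinks=False avoids loops through junctions/symlinks; onerror
    # records unreadable directories instead of silently skipping them.
    for dirpath, _dirs, files in os.walk(root, followlinks=False,
                                         onerror=errors.append):
        for name in files:
            # Windows file names are case-insensitive, so compare casefolded.
            if name.casefold() != NOTE_NAME.casefold():
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError as exc:
                errors.append(exc)
                continue
            hits.append((dirpath, datetime.fromtimestamp(mtime, tz=timezone.utc)))
    # Oldest note first. Assumption: note write time approximates when the
    # folder was processed, so the order hints at how the encryption spread.
    return sorted(hits, key=lambda h: h[1]), errors


def summarize(hits):
    """Scope summary: affected directory count and first/last note write time."""
    if not hits:
        return {"affected_dirs": 0, "first_note": None, "last_note": None}
    return {
        "affected_dirs": len({d for d, _ in hits}),
        "first_note": hits[0][1],
        "last_note": hits[-1][1],
    }


if __name__ == "__main__":
    import sys
    found, unreadable = find_ransom_notes(sys.argv[1] if len(sys.argv) > 1 else ".")
    for directory, written in found:
        print(f"{written.isoformat()}  {directory}")
    print(summarize(found))
    print(f"{len(unreadable)} path(s) could not be read")
```

Run it against a mounted copy or a file share rather than the live system where possible, so file timestamps on the affected host are left untouched.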

As the most recent ransomware, TFlower is still under research, and a way of defending against it has not yet been discovered.

Use NPAV Z-Security for complete protection against all ransomware attacks.
