Pandora (TeslaRVNG) Ransomware


Pandora is the name of a new strain of ransomware. The new variant should not be confused with the Pandora ransomware that made headlines in early 2022, which was a new iteration of the Rook ransomware codebase. The new Pandora malware belongs to the family of TeslaRVNG ransomware clones.

The Pandora (TeslaRVNG) ransomware encrypts most non-essential files on the target system, scrambling documents, media files and archives. Once files are fully encrypted, they receive a multi-string extension appended after the original one, containing the victim ID string and the contact email used by the criminals, as well as the ".Pandora" string.

This means that a file that was previously named "picture.jpg" will turn into something like "id[alphanumeric string].[Harold.Winter1900 at mailfence dot com].picture.jpg.Pandora".

The ransom demand is dropped inside a plain text file named "Pandora.txt" and placed on the desktop. The full text of the ransom note is as follows:

due to security weaknesss you were hacked.

All of your files are currently encrypted by PANDORA .

to decrypt your data contact us at :

Email 1 : Harold.Winter1900 at mailfence dot com

Email 2 : Harold.Winter1900 at cyberfear dot com

mention [id string] as your id in email or title


Do NOT DELETE files at c:\pandora folder, otherwise we wont be able to decrypt your files 

playing with encrypted files may cause permanent data loss.

The faster you write,you will waste less time and recover sooner and may get cheaper price

Our company values its reputation.  We give all guarantees of your files decryption,such as test decryption some of them (non critical ones, for prices >30k we even decrypt critical ones and send screenshots of file opened)

also Sensitive data on your system was DOWNLOADED and we mayh publish them if we dont hear from you

Data may include:

Employees personal data, CVs, DL, SSN.

Private financial information including: clients data, bills, budgets, annual reports, bank statements.

Manufacturing documents including: datagrams, schemas, drawings in solidworks format

And more...

June 14, 2022