Tangem Ransomware is a New MedusaLocker Variant Using Encryption To Lock PCs
Our researchers discovered Tangem, a malicious program that encrypts data and demands ransoms for decryption. It is a type of ransomware that belongs to the MedusaLocker ransomware family. When tested on our machine, Tangem encrypted files and changed their filenames by adding the ".tangem" extension. The ransomware creates a ransom note named "How_to_back_files.html," indicating that it targets companies rather than home users.
The note states that the company's network has been compromised, and the files were encrypted using RSA and AES cryptographic algorithms during the attack. The message warns that renaming or modifying the affected files or using third-party decryption software will result in permanent data loss. Moreover, the ransom note informs victims that their confidential or personal information has been stolen and recovering the encrypted files will require paying a ransom. Refusal to pay the ransom will result in the stolen data being leaked or sold. Before paying, victims can send three files to the attackers to test decryption.
Tangem Uses Standard-Issue MedusaLocker Ransom Note
The full text of the ransom note used by Tangem goes as follows:
YOUR PERSONAL ID:
YOUR COMPANY NETWORK HAS BEEN PENETRATED
All your important files have been encrypted!Your files are safe! Only modified. (RSA+AES)
ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.No software available on internet can help you. We are the only ones able to
solve your problem.We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..We only seek money and our goal is not to damage your reputation or prevent
your business from running.You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.Contact us for price and get decryption software.
email:
ithelp011@decorous.cyou
ithelp011@decorous.cyou
- To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.
How Can Ransomware Like Tangem Sneak on Your System?
Ransomware like Tangem can sneak onto your system in several ways. One common method is through phishing emails, where attackers send malicious emails that trick users into clicking on a link or downloading an attachment containing the ransomware. Another way ransomware can sneak onto your system is through exploiting vulnerabilities in software or operating systems that have not been patched or updated.
Ransomware can also be downloaded unknowingly by users from malicious websites or through downloading pirated software or media from untrusted sources. Additionally, ransomware can be spread through infected USB drives or other removable media.
It is essential to take precautionary measures to protect your system from ransomware attacks. These include keeping your operating system and software up-to-date with the latest security patches, using reputable antivirus software, being cautious while opening email attachments or clicking on links, and avoiding downloading software or media from untrusted sources. Regularly backing up your important data can also help mitigate the impact of a potential ransomware attack.
