Tcvjuo Ransomware Targets Business Entities

During our analysis of malware samples, we encountered a variant called Tcvjuo, which belongs to the Snatch ransomware family. Tcvjuo encrypts files and appends its own extension (".tcvjuo") to their filenames. To notify victims of the encryption, it generates a ransom note titled "HOW TO RESTORE YOUR TCVJUO FILES.TXT".

For example, Tcvjuo renames "1.jpg" to "1.jpg.tcvjuo" and "2.png" to "2.png.tcvjuo," and so on.
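
A filesystem sweep for the two indicators described above (the ".tcvjuo" suffix and the ransom note file name), shown as an added example that is not part of the original analysis. The function names and the sample directory tree are constructed for illustration; the sweep reports which directories were hit and which original file types were affected.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the article text.
ENCRYPTED_SUFFIX = ".tcvjuo"
RANSOM_NOTE_NAME = "HOW TO RESTORE YOUR TCVJUO FILES.TXT"


def scan_tree(root):
    """Walk root and report per-directory Tcvjuo indicators.

    Returns ({directory: {"encrypted": [(current, original)], "note": bool}},
    Counter of original file extensions that were hit). Only directories
    holding at least one indicator appear in the report.
    """
    report, hit_types = {}, Counter()
    # os.walk skips unreadable directories by default (onerror=None).
    for dirpath, _dirs, files in os.walk(root):
        entry = {"encrypted": [], "note": False}
        for name in files:
            lowered = name.lower()  # match regardless of case, as on Windows volumes
            if lowered == RANSOM_NOTE_NAME.lower():
                entry["note"] = True
            elif lowered.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]  # "1.jpg.tcvjuo" -> "1.jpg"
                entry["encrypted"].append((name, original))
                hit_types[Path(original).suffix.lower() or "(none)"] += 1
        if entry["encrypted"] or entry["note"]:
            report[dirpath] = entry
    return report, hit_types


def build_sample_tree(base):
    """Constructed sample data: empty files named like the article's examples."""
    for rel in ("docs/1.jpg.tcvjuo", "docs/2.png.TCVJUO", "docs/" + RANSOM_NOTE_NAME,
                "clean/report.txt", "clean/notes.tcvjuo.bak"):
        path = Path(base, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found, types = scan_tree(tmp)
        for directory, entry in found.items():
            print(directory, len(entry["encrypted"]), "encrypted, note:", entry["note"])
        print(dict(types))
```

Run against a file share or a mounted backup, the per-directory report helps scope which locations need restoring and whether a backup set was captured after encryption began.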

The ransom note informs the victims that their network has undergone a penetration test, resulting in the encryption of their files. Additionally, it claims that during this process, over 100GB of data has been downloaded, including various types of information such as personal data, marketing data, confidential documents, accounting information, SQL databases, and copies of mailboxes.

The note warns against attempting to decrypt the files independently or using third-party tools, emphasizing that only the tool possessed by the attackers can successfully restore the files. To request the decryption tool, victims are instructed to contact the threat actors through the provided email addresses: master1restore@cock.li or 2020host2021@tutanota.com.

Furthermore, the ransom note states that if the victims fail to make contact within three days, the threat actors may choose to publish the files online.

Tcvjuo Ransom Note Suggests Hackers Are Targeting Businesses

The complete text of the Tcvjuo ransom note reads as follows:

THE ENTIRE NETWORK IS ENCRYPTED YOUR BUSINESS IS LOSING MONEY!

Dear Management! We inform you that your network has undergone a penetration test, during which we encrypted
your files and downloaded more than 100GB of your data

Personal data
Marketing data
Confidential documents
Accounting
Copy of some mailboxes

Important! Do not try to decrypt the files yourself or using third-party utilities.
The only program that can decrypt them is our decryptor, which you can request from the contacts below.
Any other program will only damage files in such a way that it will be impossible to restore them.
Write to us directly, without resorting to intermediaries, they will deceive you.

You can get all the necessary evidence, discuss with us possible solutions to this problem and request a decryptor
by using the contacts below.
Free decryption as a guarantee. Send us up 3 files for free decryption.
The total file size should be no more than 1 MB! (not in the archive).

Please be advised that if we don't receive a response from you within 3 days, we reserve the right to publish files to the public.

Contact us:
master1restore@cock.li or 2020host2021@tutanota.com

How Can You Protect Your Data from Ransomware Like Tcvjuo?

Safeguarding your data from ransomware like Tcvjuo requires implementing effective security measures. Here are some steps you can take to protect your data:

  • Keep your software up to date: Regularly update your operating system, antivirus software, and other applications to ensure you have the latest security patches and protections against known vulnerabilities.
  • Install reliable antivirus software: Use reputable antivirus or anti-malware software and keep it updated. This will help detect and block malicious files or suspicious activities associated with ransomware.
  • Be cautious of email attachments and downloads: Exercise caution when opening email attachments or downloading files from the internet, especially if they come from unknown or untrusted sources. Scan all attachments and downloads with antivirus software before opening them.
  • Enable automatic backups: Regularly back up your important files and ensure the backups are stored in a separate location, preferably offline or in the cloud. Automatic backups provide an additional layer of protection against data loss in case of a ransomware attack.
  • Use strong, unique passwords: Create strong, complex passwords for all your accounts and avoid using the same password across multiple platforms. Consider using a password manager to securely store and generate unique passwords.
  • Enable two-factor authentication (2FA): Enable 2FA whenever possible for your online accounts. This adds an extra layer of security by requiring an additional verification step, such as a unique code sent to your mobile device, when logging in.
  • Use a reliable firewall: Ensure you have a robust firewall in place to monitor and control incoming and outgoing network traffic. A firewall can help detect and block unauthorized access attempts, reducing the risk of ransomware infections.
July 10, 2023