Tgvv Ransomware Encrypts Victim Systems

Our team has recently made an intriguing discovery within the Djvu ransomware family. We have identified a new variant called Tgvv, which exhibits malicious behavior by encrypting files, rendering them inaccessible to the victims. The detection of Tgvv took place during our analysis of newly discovered file samples.

It is worth noting that Tgvv may be distributed alongside other malware, such as the RedLine or Vidar information stealers. Once a system is infected, Tgvv renames each encrypted file by appending the ".tgvv" extension. For instance, "1.jpg" becomes "1.jpg.tgvv", "2.png" becomes "2.png.tgvv", and so on. Tgvv also drops a ransom note named "_readme.txt".

The ransom note delivered by Tgvv instructs victims to contact the threat actors within 72 hours. After that period, the demanded price for the decryption software and key rises from the initial $490 to $980.

The note strongly emphasizes that file decryption is impossible without these essential tools. Furthermore, the "_readme.txt" file presents an option for victims to send a single encrypted file for decryption without any charge. To establish contact with the attackers, victims are provided with two email addresses: support@freshmail.top and datarestorehelp@airmail.cc.
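The two paragraphs above give the indicators a responder can look for on a suspected host: file names ending in ".tgvv" and a "_readme.txt" note naming the two contact addresses. The following Python triage script is an added example, not code from the original article; it walks a directory tree for those indicators and recovers the original file names (the extension is simply appended). The directory layout it scans is constructed in a temporary folder for demonstration.

```python
import os
import tempfile
from pathlib import Path

# Indicators from the article: Tgvv appends ".tgvv" to every encrypted file
# name and drops a ransom note called "_readme.txt" listing two contacts.
ENCRYPTED_SUFFIX = ".tgvv"
NOTE_NAME = "_readme.txt"
NOTE_MARKERS = ("support@freshmail.top", "datarestorehelp@airmail.cc")


def scan_for_tgvv(root):
    """Walk `root` and collect Tgvv artefacts for triage; stripping the
    appended suffix recovers each original file name for restore scoping."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.endswith(ENCRYPTED_SUFFIX):
                encrypted.append((str(path), name[: -len(ENCRYPTED_SUFFIX)]))
            elif name == NOTE_NAME:
                try:
                    text = path.read_text(errors="replace")
                except OSError:
                    continue  # unreadable note: skip rather than abort triage
                if any(marker in text for marker in NOTE_MARKERS):
                    notes.append(str(path))
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "affected_dirs": sorted({str(Path(p).parent) for p, _ in encrypted}),
    }


def build_sample_tree():
    """Constructed sample data: a temp dir mimicking a Tgvv-hit profile."""
    root = Path(tempfile.mkdtemp(prefix="tgvv_demo_"))
    (root / "Pictures").mkdir()
    (root / "Pictures" / "1.jpg.tgvv").write_bytes(b"\x00" * 16)
    (root / "Pictures" / "2.png.tgvv").write_bytes(b"\x00" * 16)
    (root / "Pictures" / NOTE_NAME).write_text(
        "ATTENTION!\nwrite on our e-mail:\nsupport@freshmail.top\n")
    (root / "Docs").mkdir()
    (root / "Docs" / "notes.txt").write_text("untouched file")
    (root / "Docs" / NOTE_NAME).write_text("unrelated readme, no contacts")
    return root


if __name__ == "__main__":
    report = scan_for_tgvv(build_sample_tree())
    print(len(report["encrypted"]), "encrypted;", report["affected_dirs"])
```

A "_readme.txt" without the contact addresses is deliberately not counted, so ordinary readme files do not inflate the report.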

Tgvv is a Djvu Family Variant

The full text of the Tgvv ransom note reads as follows:

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-OQnsJqCOOl
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:

How Can Ransomware Like Tgvv Get Inside Your Computer?

Ransomware like Tgvv can find its way into your computer through various methods. Understanding these entry points is crucial for taking preventive measures. Here are some common ways ransomware can infect your computer:

  • Phishing Emails: One prevalent method is through phishing emails. Attackers send deceptive emails that appear legitimate, often impersonating trusted entities or organizations. These emails may contain malicious attachments or links that, when clicked or downloaded, install the ransomware on your computer.
  • Malicious Websites and Downloads: Visiting compromised or malicious websites can expose your computer to ransomware. These websites may contain infected files or exploit vulnerabilities in your web browser or plugins to download and execute the ransomware code without your knowledge.
  • Software Vulnerabilities: Outdated software and operating systems can have security vulnerabilities that cybercriminals exploit. They can create ransomware that takes advantage of these vulnerabilities to gain unauthorized access to your system.
  • Malvertising: Attackers can distribute ransomware through malicious advertisements (malvertising) displayed on legitimate websites. Clicking on these ads or even visiting the compromised website can trigger the download and execution of ransomware on your computer.
  • Exploiting Remote Desktop Protocol (RDP): If you have Remote Desktop Protocol enabled on your computer and it is not properly secured, hackers can attempt to gain access to your system by exploiting weak or default login credentials. Once inside, they can deploy ransomware.
  • Drive-by Downloads: Ransomware can also be delivered through drive-by downloads, where malware is automatically downloaded and installed on your computer when you visit a compromised website, often without your consent or knowledge.
  • Infected External Devices: Ransomware can spread through infected external devices, such as USB drives or external hard drives. When you connect an infected device to your computer, the ransomware can transfer itself to your system.

Protecting your computer from ransomware involves implementing several preventive measures, such as keeping your software and operating system up to date, using robust antivirus and antimalware software, being cautious of suspicious emails and attachments, avoiding clicking on unknown links or visiting suspicious websites, and regularly backing up your important data to an offline or cloud storage solution.

June 26, 2023
