Tnwkgbvl Ransomware Locks Victim Systems

While analyzing malware samples, our team came across a ransomware known as Tnwkgbvl. We have determined that Tnwkgbvl is a member of the Snatch ransomware family. The main objective of Tnwkgbvl is to render files inaccessible by encrypting them. In addition, Tnwkgbvl generates a ransom note named "HOW TO RESTORE YOUR TNWKGBVL FILES.TXT."

Moreover, Tnwkgbvl alters the filenames of the encrypted files by appending the ".tnwkgbvl" extension. For instance, "1.jpg" becomes "1.jpg.tnwkgbvl," "2.png" becomes "2.png.tnwkgbvl," and so on.

The ransom note contains crucial information for the victim, stating that their network has undergone a penetration test resulting in file encryption and the downloading of more than 100 GB of data. The encrypted data includes sensitive information such as accounting records, confidential documents, personal data, and email accounts.

The note strongly advises against using third-party tools to decrypt the files, emphasizing that only a specific decryptor can reverse the encryption without causing any harm. The threat actors behind Tnwkgbvl issue a warning that failure to respond within three days may result in the public release of the encrypted files. The provided contact details for communication are 777doctor@proton.me and 777doctor@swisscows.email.

Tnwkgbvl Ransomware Seems to Target Businesses

The full text of the Tnwkgbvl ransom note reads as follows:

Dear Management!

We inform you that your network has undergone a penetration test, during which we encrypted
your files and downloaded more than 100 GB of your data, including:

Accounting
Confidential documents
Personal data
Mailboxes

Important! Do not try to decrypt files yourself or using third-party utilities.
The program that can decrypt them is our decryptor, which you can request from the contacts below.
Any other program can only damage files.

Please be aware that if we don't receive a response from you within 3 days, we reserve the right to publish your files.

Contact us:

777doctor@proton.me or 777doctor@swisscows.email

How Can You Protect Your Data From Ransomware?

Protecting your data from ransomware requires implementing a multi-layered approach to cybersecurity. Here are some essential steps you can take to safeguard your data:

• Backup your data: Regularly backup your important files to an external hard drive, cloud storage, or a secure offline location. Ensure that backups are performed automatically and verify their integrity regularly. Having up-to-date backups will enable you to restore your files without paying the ransom in case of an attack.
• Keep your software up to date: Regularly update your operating system, antivirus software, and all applications on your computer. Software updates often include security patches that address vulnerabilities exploited by ransomware.
• Use robust security software: Install reputable antivirus and anti-malware software on your devices. Keep the software up to date and configure it to perform regular scans. A reliable security solution can help detect and block ransomware threats.
• Exercise caution with email attachments and links: Be cautious when opening email attachments or clicking on links, especially if they are from unknown or suspicious sources. Verify the sender's identity and scan attachments with antivirus software before opening them.
• Enable popup blockers and use ad-blockers: Configure your web browser to block popups and consider using ad-blockers to reduce the risk of inadvertently clicking on malicious advertisements or links.
• Be vigilant while browsing: Avoid visiting suspicious or untrusted websites. Stick to reputable sources when downloading software or files. Verify that websites use secure HTTPS connections before sharing sensitive information.
• Use strong, unique passwords: Create strong passwords for all your online accounts and avoid reusing passwords across different platforms. Consider using a password manager to securely store and generate complex passwords.