Ttwq Ransomware Will Hold Your Data Hostage
While examining malware samples, we came across a ransomware variant known as Ttwq. Ttwq encrypts files and alters their file names by appending the ".ttwq" extension. Moreover, Ttwq is programmed to generate a text file named "_readme.txt," which contains a message detailing the ransom demands.
It's worth noting that Ttwq is part of the Djvu ransomware family. Importantly, Djvu ransomware is frequently distributed in conjunction with information-stealing malware like RedLine or Vidar by malicious individuals. As an example of how Ttwq alters file names, it changes "1.jpg" to "1.jpg.ttwq," "2.png" to "2.png.ttwq," and so forth.
The ransom note from the attackers lists two different email addresses, support@freshmail.top and datarestorehelp@airmail.cc, and strongly underscores the importance of victims contacting the cybercriminals within a 72-hour window to prevent an increase in the ransom amount. They request a payment of $490 for the decryption tools (if contacted within 72 hours).
Furthermore, the note emphasizes the near impossibility of recovering the encrypted files without obtaining the decryption software and a unique key from the hackers. Additionally, it offers an option to decrypt one file at no cost, with the condition that the selected file does not contain critical or valuable data.
Ttwq Ransom Note Demands Payment of $490
The complete text of the Ttwq ransom note reads as follows:
ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-4vhLUot4Kz
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
support@freshmail.topReserve e-mail address to contact us:
datarestorehelp@airmail.ccYour personal ID:
How Can You Protect Your Files from Ransomware Attacks?
Protecting your files from ransomware attacks is essential to prevent the loss of valuable data and avoid paying ransoms to cybercriminals. Here are some effective measures to safeguard your files from ransomware:
- Regular Backups: Maintain regular backups of your files, and store them on an offline or offsite storage device. Ensure that backups are automated, and routinely test their restoration process to verify their reliability.
- Update Software: Keep your operating system, software applications, and security software up to date with the latest patches and updates. Vulnerabilities in outdated software can be exploited by ransomware.
- Use Strong Passwords: Employ strong, unique passwords for all accounts and devices. Consider using a reputable password manager to generate and store complex passwords securely.
- Enable Multi-Factor Authentication (MFA): Enable MFA wherever possible, especially for important accounts like email, cloud storage, and banking. MFA adds an extra layer of security by requiring two or more authentication factors to access an account.
- Exercise Caution with Email: Be wary of unsolicited emails and avoid opening attachments or clicking on links from unknown or suspicious sources. Verify the authenticity of emails and senders, especially if they request personal or financial information.
- Use Antivirus and Anti-Malware Software: Install reputable antivirus and anti-malware software on your devices. Ensure that it is regularly updated and set to perform automatic scans.
