Tycx Ransomware Asks for $980 in Ransom Payment - Should You Pay or Not?
While examining malware samples newly submitted to online threat databases, our team identified a ransomware named Tycx. Upon further investigation, we discovered that Tycx is a member of the Djvu ransomware family that is designed to encrypt files, add the ".tycx" extension to their filenames, and leave a ransom note in the form of a text file named "_readme.txt."
As an example of how Tycx alters filenames, it changes "1.jpg" to "1.jpg.tycx," "2.png" to "2.png.tycx," and so on. It is important to note that Tycx may be spread in conjunction with Vidar, RedLine, or other forms of data stealers.
Upon examining the ransom note, we discovered that it includes payment and contact information. The note instructs the victims to contact the attackers through either support@freshmail.top or datarestorehelp@airmail.cc email addresses within a 72-hour timeframe to obtain the decryption software and key at a reduced cost of $490 instead of the standard price of $980.
Tycx Demands $490 in Ransom, Doubles it After 72 Hours
The complete Tycx ransom note reads as follows:
ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-f8UEvx4T0A
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
support@freshmail.topReserve e-mail address to contact us:
datarestorehelp@airmail.ccYour personal ID:
How Are Ransomware Payloads Like Tycx Usually Distributed?
Ransomware payloads such as Tycx are usually distributed through several methods, including:
Phishing emails: Attackers use social engineering tactics to trick victims into clicking on a malicious link or downloading an infected attachment.
Malvertising: Malicious advertisements that redirect users to websites hosting the ransomware payloads can infect a user's computer.
Exploit kits: Attackers exploit vulnerabilities in a user's software or operating system to deliver the ransomware payload.
Remote Desktop Protocol (RDP) attacks: Attackers use stolen or weak credentials to gain access to a victim's computer via RDP and then install the ransomware.
Software cracks and keygens: Attackers bundle ransomware payloads with software cracks or keygens that users may download from unofficial websites.
Drive-by downloads: A user visits a compromised website and unintentionally downloads the ransomware payload without their knowledge.
It is important to note that ransomware attackers are continuously developing new methods to distribute their malware, and users should always remain vigilant when downloading or clicking on links, especially from unknown sources. Regularly updating software, using reputable antivirus software, and creating backups of important data can help protect against ransomware attacks.
