Typo Ransomware Will Scramble Your Files Despite Goofy Name
During a malware sample analysis, our team of experts discovered a new variant of ransomware called Typo, which is believed to be associated with the Djvu family of ransomware. Similar to other types of ransomware, Typo encrypts files and alters their filenames by appending the ".typo" extension. This ransomware also leaves a ransom note, which is saved as "_readme.txt."
As an example, if Typo were to infect a file named "1.jpg," it would change the name to "1.jpg.typo," and the same applies to other file types. It is worth noting that Djvu ransomware is frequently distributed alongside information stealers such as RedLine and Vidar.
After reviewing the ransom note, we discovered that the attackers demand the victims to contact them within 72 hours to obtain the decryption tools at a discounted rate of $490, instead of the original $980. The ransom note provides two email addresses that can be used to contact the attackers, which are support@freshmail.top and datarestorehelp@airmail.cc.
Moreover, the ransom note states that the victims can request one file to be decrypted at no cost, as long as the file does not contain critical information.
Typo Uses Standard Djvu Ransom Note
The complete text of the Typo ransom note reads as follows:
ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-f8UEvx4T0A
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
support@freshmail.topReserve e-mail address to contact us:
datarestorehelp@airmail.ccYour personal ID:
What Are the Best Security Measures You Can Implement to Protect Your Files from Ransomware Like Typo?
Ransomware attacks like Typo can be devastating, as they can encrypt your important files and demand payment for the decryption key. To protect your files from such attacks, there are several security measures that you can implement:
- Keep your operating system and software up to date: Regularly update your operating system and software to ensure that you have the latest security patches and updates. This can help prevent known vulnerabilities from being exploited by attackers.
- Install and update anti-malware software: Use reputable anti-malware software and keep it up to date to protect against ransomware and other types of malware.
- Use strong and unique passwords: Use strong and unique passwords for all your accounts, and consider using a password manager to help generate and store your passwords.
- Enable two-factor authentication (2FA): Enabling 2FA can add an extra layer of security to your accounts, making it more difficult for attackers to gain access.
- Be cautious of suspicious emails and attachments: Be careful when opening emails from unknown senders, and do not open attachments or click on links unless you are sure they are safe.
- Backup your files regularly: Regularly backup your important files to an external hard drive or cloud storage service. This way, if your files are encrypted by ransomware, you can restore them from the backup.
- Restrict access to sensitive files: Limit access to sensitive files by using access controls and permissions. This can prevent ransomware from encrypting critical data.
