ExilenceTG Ransomware

A new ransomware threat has been identified by cybersecurity researchers. The malware is being tracked as ExilenceTG Ransomware. This variant operates by encrypting files, making them inaccessible to the user, and adding the '.exilenceTG' extension to their names. Additionally, ExilenceTG creates a text file named 'cyber.txt' that contains instructions for the victims on how to supposedly recover their encrypted files.

To provide a better understanding of how ExilenceTG alters file names, here is an example: if a file named '1.jpg' is targeted by ExilenceTG, it will be renamed as '1.jpg.exilenceTG.' Similarly, if a file named '2.png' is encrypted by this ransomware, it will be renamed as '2.png.exilenceTG,' and so on.

ExilenceTG Ransomware will Lock the Data of its Victims

The ransom note left by the ExilenceTG Ransomware informs victims that their computer systems have been breached and important data has been encrypted. However, the attackers claim that the victim's files are safe and that they can retrieve them by contacting the attacker via the given Telegram username ('@exilenceTG') or email address ('534411644559@ngs.ru').

The ransom note also includes a list of additional email addresses that could be used by the victims to report the incident, such as 'abuse@telegram.org,' 'dmca@telegram.org,' 'recover@telegram.org,' 'security@telegram.org,' 'sms@telegram.org,' 'sticker@telegram.org,' 'stopCA@telegram.org,' and 'support@telegram.org.'

It is strongly recommended that victims do not pay the ransom demanded by the attackers as it only encourages them to continue their illegal activities and does not guarantee the recovery of encrypted files. It is important to note that ransomware is a dangerous malware that could lead to further infections and the encryption of more files. To avoid these circumstances, victims must remove the ransomware from their infected systems as soon as possible.

Make Sure Your Data is Protected from Ransomware Attacks

To protect their devices and data from ransomware attacks, users can take a variety of measures. First, it is essential to keep their operating system and all software up to date with the latest security patches and updates. This ensures that any known vulnerabilities are fixed, reducing the risk of attackers exploiting them.

Second, users should be cautious when opening emails and attachments from unknown senders or links from suspicious websites. Phishing emails are a common method used by attackers to distribute ransomware. Therefore, it is important to be wary of any unexpected or suspicious emails.

It is crucial to use a reputable anti-malware program and ensure that it is updated regularly. Anti-malware software can help detect and block ransomware before it can infect the system.

Users should also regularly back up their important data to an external device or cloud-based storage. This helps to ensure that, in the event of a ransomware attack, the data can be restored without paying the ransom.

Overall, it is important to stay vigilant and cautious when using devices and the internet. Keeping systems up to date, being cautious with email and web browsing, using anti-virus software, backing up data regularly, and securing devices are all essential measures that can help protect against ransomware attacks.

The full text of the ransom note created by ExilenceTG Ransomware is:

YOUR SYSTEM IS LOCKED AND ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED.
DON'T WORRY YOUR FILES ARE SAFE.
To return them, write to telegram: @exilenceTG Email/ 534411644559@ngs.ru
greetings from keygroup777
your files were encrypted with military algorithms:)
our allies and friends:
employees of our program/company:
abuse@telegram.org
dmca@telegram.org
recover@telegram.org
security@telegram.org
sms@telegram.org
sticker@telegram.org
stopCA@telegram.org
support@telegram.org