
Pandora (TeslaRVNG) Ransomware

Cybersecurity researchers have uncovered another ransomware threat going under the name Pandora. However, unlike the previous malware using that name, this threat is a variant created from the TeslaRVNG family. Systems infected with this ransomware will be subjected to data encryption. The military-grade cryptographic algorithm used by the threat will leave the victim's files in an unusable state, with practically zero chance of restoration without the correct decryption key.

Each file locked by the Pandora (TeslaRVNG) Ransomware will have its original name modified significantly. First, the threat will add an ID string generated for the specific victim. Next, an email address under the control of the hackers will be attached to it. Then, the file's usual name will be followed by '.Pandora' as a new file extension. So, a file named 'Picture1.png' will be renamed to 'ID_String.[Harold.Winter1900@mailfence.com].Picture1.png.Pandora'. Upon encrypting all targeted file types on the system, the Pandora (TeslaRVNG) Ransomware will create a text file named 'Pandora.txt' on the desktop.
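The naming scheme described above can be used to triage a file listing from an affected host. The following is an added example, not code from the researchers or from the malware: it assumes the victim ID contains no square brackets (the article does not give its format), and the sample paths are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Naming pattern from the article: <victim ID>.[<contact email>].<original name>.Pandora
# Assumption: the ID contains no square brackets; its real format is not given.
RENAMED = re.compile(
    r"^(?P<victim_id>[^\[\]]+)\.\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]\."
    r"(?P<original>.+)\.Pandora$",
    re.IGNORECASE,
)
NOTE_NAME = "pandora.txt"  # ransom note name given in the article, lower-cased

def parse_renamed(path):
    """Return (victim_id, email, original_name), or None if the name does not match."""
    m = RENAMED.match(PureWindowsPath(path).name)
    if not m:
        return None
    return m["victim_id"], m["email"], m["original"]

def triage(paths):
    """Summarise a listing: renamed files per directory, notes, IDs, contact emails."""
    per_dir, notes, ids, emails = Counter(), [], set(), set()
    for p in paths:
        wp = PureWindowsPath(p)
        if wp.name.lower() == NOTE_NAME:
            notes.append(p)
            continue
        hit = parse_renamed(p)
        if hit:
            per_dir[str(wp.parent)] += 1
            ids.add(hit[0])
            emails.add(hit[1].lower())
    return {"per_dir": dict(per_dir), "notes": notes, "ids": ids, "emails": emails}

# Constructed sample listing (not from a real incident); "ID_String" is the
# article's own placeholder for the victim ID.
SAMPLE = [
    r"C:\Users\alice\Pictures\ID_String.[Harold.Winter1900@mailfence.com].Picture1.png.Pandora",
    r"C:\Users\alice\Documents\ID_String.[Harold.Winter1900@mailfence.com].report.v2.docx.Pandora",
    r"C:\Users\alice\Documents\notes.Pandora",  # extension only, no ID or email: ignored
    r"C:\Users\alice\Documents\budget.xlsx",    # untouched file
    r"C:\Users\alice\Desktop\Pandora.txt",      # ransom note
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The per-directory counts show where encryption reached, and the recovered original names help match affected files against backups.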

Ransom Note's Details

The text file will contain a ransom-demanding message from the operators of the threat. According to the ransom note, the threat actors behind the malware run a double-extortion scheme. In addition to locking the files of their victims, the cybercriminals claim to have obtained various sensitive and valuable files.

The collected data could consist of personal details about the employees of the breached company, financial information, manufacturing documents and more. The attackers threaten to publish the company's data if their demands are not met. At the same time, victims are provided with two email addresses that can be used to contact the hackers - 'Harold.Winter1900@mailfence.com' and 'Harold.Winter1900@cyberfear.com'.

The full text of the instructions left by the Pandora (TeslaRVNG) Ransomware is:

'due to security weaknesss you were hacked.
All of your files are currently encrypted by PANDORA .

to decrypt your data contact us at :
Email 1 : Harold.Winter1900@mailfence.com
Email 2 : Harold.Winter1900@cyberfear.com

mention - as your id in email or title

Attention!

Do NOT DELETE files at c:\pandora folder, otherwise we wont be able to decrypt your files

playing with encrypted files may cause permanent data loss.

The faster you write,you will waste less time and recover sooner and may get cheaper price

Our company values its reputation. We give all guarantees of your files decryption,such as test decryption some of them (non critical ones, for prices >30k we even decrypt critical ones and send screenshots of file opened)

also Sensitive data on your system was DOWNLOADED and we mayh publish them if we dont hear from you
Data may include:

Employees personal data, CVs, DL, SSN.

Private financial information including: clients data, bills, budgets, annual reports, bank statements.

Manufacturing documents including: datagrams, schemas, drawings in solidworks format

And more…'
