Taargo Ransomware Description
Malware researchers have spotted a new file-locking Trojan dubbed the Taargo Ransomware. This new ransomware threat is a variant of the popular GlobeImposter Ransomware.
Propagation and Encryption
Many cyber crooks who distribute ransomware threats prefer to do so via phishing emails. They would target a user and send them an email that appears to come from a reputable, trustworthy source. The bogus message in these carefully crafted emails would try to convince users to launch the corrupted attached file, which is often a macro-laced document. Users who fall for this trick and open the corrupted file would have their computers infiltrated by the Taargo Ransomware. Cybercriminals tend to use other infection vectors, too, such as torrent trackers, fake application updates and downloads, and malvertising campaigns.
The Taargo Ransomware would scan the data present on your system and then trigger the encryption process. The locking of the files is completed with the help of an encryption algorithm. Most ransomware threats aim at targeting as many filetypes as possible. This means that the Taargo Ransomware will likely encrypt all your audio files, images, videos, documents, spreadsheets, presentations, databases, archives, etc. When the encryption process is finished, you will notice that your files have a new extension – ‘.[firstname.lastname@example.org].taargo’. For example, a file that you had named ‘fuzzy-boots.png’ will be renamed to ‘fuzzy-boots.png.[email@example.com].taargo’.
What Does Taargo Ransomware Do To Computers?
As mentioned before, Taargo encrypts files so they can’t be accessed. The ransomware also drops a note called “How_to_back_files.html” that contains instructions on how to unlock files. According to the note, the only way to restore data is by using a decryption tool created by the ransomware creators. The note also says that the tool requires a unique key, which can also only be provided by hackers.
Victims must message the developers via email to receive instructions on what to do. The developers don’t keep the key for long, so victims must respond quickly or risk losing all their data. Unfortunately, it’s all too common for hackers not to provide decryption tools even if they are paid. It’s for this reason that victims should never pay the ransom.
More often than not, these ransomware programs use such powerful encryption that recovering data without specialized tools is impossible. The only way to restore files safely is through a backup. Files will still be encrypted even if the ransomware is removed from the computer. It is always worth removing the virus, though, as it will prevent data from being encrypted again.
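To scope the damage before restoring from backup, the two indicators this page names (the ‘.[email].taargo’ suffix and the ransom-note file name) can be searched for on disk. The following is an added example, not code from the original article; the function names and the sample file names, including the placeholder address contact@example.invalid, are constructed for illustration.

```python
import os
import re
import tempfile

# Rename pattern from the page: <original name>.[<contact email>].taargo
# The address is matched generically; no real contact address is hard-coded.
ENCRYPTED_RE = re.compile(
    r"^(?P<original>.+)\.\[(?P<contact>[^\[\]\s]+@[^\[\]\s]+)\]\.taargo$",
    re.IGNORECASE,
)
# The page spells the note name in two casings, so compare case-insensitively.
NOTE_NAME = "how_to_back_files.html"


def triage(root):
    """Map each renamed file to its pre-encryption path; list ransom notes."""
    to_restore, notes = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            match = ENCRYPTED_RE.match(name)
            if match:
                # The pre-encryption path is what to look up in the backup.
                to_restore[path] = os.path.join(dirpath, match.group("original"))
            elif name.lower() == NOTE_NAME:
                notes.append(path)
    return to_restore, notes


def build_sample_tree(root):
    """Constructed sample data: empty files named the way the page describes."""
    os.makedirs(os.path.join(root, "photos"))
    for rel in (
        "photos/fuzzy-boots.png.[contact@example.invalid].taargo",
        "photos/How_to_back_files.html",
        "notes.txt",            # untouched file
        "archive.taargo.bak",   # lookalike name that must not match
    ):
        open(os.path.join(root, rel), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        renamed, notes = triage(tmp)
        for current, original in sorted(renamed.items()):
            print(f"restore from backup: {original}  (now {current})")
        print(f"ransom notes found: {len(notes)}")
```

The script only reads file names, so it can be run against a mounted image or a read-only copy of the affected volume.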
The Ransom Note
Next, the Taargo Ransomware will drop its ransom note. The ransom message of the authors of the Taargo Ransomware can be found in a file called ‘how_to_back_files.html’. In the ransom message, the attackers do not state what the demanded fee is. However, they urge users to set up an email account with the Protonmail service. The creators of the Taargo Ransomware state that unless the victims contact them from a Protonmail account, they will not receive a reply. Next, they give out their email addresses – ‘firstname.lastname@example.org’ and ‘email@example.com’.
The ransom note reads like the following:
YOUR FILES ARE ENCRYPTED!
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
To start the recovery process:
Register email box to protonmail.com or cock.li (do not waste time sending letters from your standard email address, they will all be blocked).
Send a email from your new email address to: firstname.lastname@example.org with your personal ID.
In response, we will send you further instructions on decrypting your files.
Your personal ID:
----------------- P.S. -----------------
It is in your interest to respond as soon as possible to ensure the recovery of your files, because we will not store your decryption keys on our server for a long time.
Сheck the folder "Spam" when waiting for an email from us.
If we do not respond to your message for more than 48 hours, write to the backup email : email@example.com and firstname.lastname@example.org
Q: Did not receive an answer?
A: Check the SPAM folder.
Q: My spam folder is empty, what should I do?
A: Register email box to protonmail.com or cock.li and do the steps above.
Ransomware such as Taargo encrypts and locks files to make them inaccessible. The only way to access encrypted data is by using tools sold by the developers. There is plenty of different ransomware out there, with the main difference being the size of the ransom and the encryption method used. Sometimes this ransomware is flawed, and security experts can create public decryption tools, but this isn’t always the case.
How Did My Computer Get Infected?
Hackers have several different infection methods. The most common way computers are infected is through spam email campaigns. Hackers send spam emails that contain malicious links or attachments. Hackers write emails in such a way that readers believe they are genuine. Readers are tricked into accessing the link or download, which will then infect their computer. Keep an eye out for emails that contain attachments such as Word and PDF files, executable files, and archive files.
Trojan viruses are another common infection method. Named after the Trojan horse, this kind of virus contains another, much more sinister, virus inside of it. Trojans infect computers and then install other viruses and malicious programs. Another common source of malware is fake software updates. These updates install viruses onto a computer instead of updating software as they promise.
Keep an eye out for untrusted third-party freeware websites too. Threat actors like to hide viruses inside legitimate software. Always download trusted software from a trusted source. The same applies to pirated software and games. Hackers hide malware inside of the cracking tools used to activate illicit programs. Not only is pirating illegal, but it presents a severe risk of infection that isn’t worth taking.
Contacting the creators of the Taargo Ransomware is never a good measure. Cyber crooks rarely keep their word. This means that even users who pay up may never receive the decryption key they need to recover their data. You should remove the Taargo Ransomware from your computer with the help of a genuine anti-malware solution.