Tangem Ransomware

Cybersecurity researchers have discovered a ransomware threat called Tangem. Tangem Ransomware's primary purpose is to encrypt data and then demand a ransom from its victims for decryption. During testing, Tangem encrypted the files on the test machine and appended a '.tangem' extension to their filenames. For instance, a file originally named '1.png' appeared as '1.png.tangem,' while '2.doc' became '2.doc.tangem.'

Once the encryption process is completed, the Tangem Ransomware will create a ransom note named 'How_to_back_files.html' on the infected system. It is evident from the message in the note that this ransomware is mostly targeted at companies and not individual home users. A noteworthy fact about the Tangem Ransomware is that it is a variant belonging to the MedusaLocker malware family.
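The two file-system indicators described above, the '.tangem' suffix and the 'How_to_back_files.html' note, can be used to scope which directories were hit and which file types need restoring from backup. The following Python is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article; matched case-insensitively because
# Windows file systems do not distinguish case.
ENCRYPTED_SUFFIX = ".tangem"
RANSOM_NOTE = "how_to_back_files.html"


def triage(root):
    """Walk `root` and summarise Tangem indicators (hypothetical helper).

    notes        - sorted paths of ransom-note files
    per_dir      - {directory: number of files carrying the suffix}
    original_ext - {extension before encryption: count}, for restore planning
    unreadable   - directories that could not be listed (coverage gaps)
    """
    notes, unreadable = [], []
    per_dir, original_ext = Counter(), Counter()
    for dirpath, _dirs, files in os.walk(
            root, onerror=lambda err: unreadable.append(err.filename)):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                notes.append(os.path.join(dirpath, name))
            elif lower.endswith(ENCRYPTED_SUFFIX) and lower != ENCRYPTED_SUFFIX:
                per_dir[dirpath] += 1
                # '1.png.tangem' -> '1.png' -> '.png'
                stem = lower[: -len(ENCRYPTED_SUFFIX)]
                original_ext[os.path.splitext(stem)[1] or "(none)"] += 1
    return {"notes": sorted(notes), "per_dir": dict(per_dir),
            "original_ext": dict(original_ext), "unreadable": unreadable}


def build_sample(root):
    """Create a constructed sample tree of empty files for a dry run."""
    layout = {
        "finance": ["1.png.tangem", "2.doc.TANGEM", "How_to_back_files.html"],
        "hr": ["cv.pdf.tangem", "notes.txt"],
        # Decoy: 'tangem' in the name but not as the final extension.
        "public": ["readme.txt", "tangem-guide.pdf"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```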

The Attackers behind Tangem Ransomware Extort Victims for Money

According to the note left by Tangem, the company network of its victims has been breached. The ransomware has used two cryptographic algorithms, RSA and AES, to encrypt the files. The message warns that any attempts to rename, modify or use third-party decryption software on the affected files will lead to permanent data loss.

The ransom note also reveals that confidential and personal information was collected from the victims' network during the attack. To recover the encrypted files, the victims are required to pay a ransom. Refusal to pay will result in the stolen data being leaked or sold. However, before paying the ransom, the victims can test decryption by sending three files to the attackers. As a potential communication channel, the ransom note mentions a single email address at 'ithelp011@decorous.cyou.'

In most ransomware cases, recovering the affected data without the cybercriminals' involvement is impossible unless the ransomware is seriously flawed. Moreover, victims often do not receive the promised decryption keys or software, even after paying the ransom. Therefore, we strongly advise against paying the ransom, as there is no guarantee of data recovery, and doing so also supports illegal activities.

Take Measures to Protect Your Files from Threats Like the Tangem Ransomware

Users can take several steps to protect themselves from ransomware attacks. First and foremost, they should maintain regular backups of their important files and data, preferably on a separate and secure device or cloud storage service. This will enable them to recover their data without having to pay the ransom in the event of a successful ransomware attack.

Secondly, users should keep their operating system and security software up to date and regularly patched. This will ensure that the system has the latest security updates to protect against known vulnerabilities that can be exploited by ransomware.

Users should be cautious and keep an eye out for suspicious emails, links, and attachments. Ransomware often spreads through phishing emails and malicious websites, and opening or downloading such attachments can trigger an attack.

Lastly, users should consider using professional anti-malware software and firewalls to add another layer of protection against ransomware attacks. These tools can help detect and prevent ransomware attacks before they can cause any significant damage.

The text of the ransom note dropped by Tangem Ransomware is:

'YOUR PERSONAL ID:

/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!

Your files are safe! Only modified. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.

No software available on internet can help you. We are the only ones able to
solve your problem.

We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..

We only seek money and our goal is not to damage your reputation or prevent
your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.

Contact us for price and get decryption software.

email:
ithelp011@decorous.cyou
ithelp011@decorous.cyou

To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.'
