
TCPRX Ransomware

By GoldSparrow in Ransomware

The TCPRX Ransomware is a new Dharma Ransomware variant that sneaks into your computer and begins encrypting all your files. Cybercriminals who distribute threats like the TCPRX Ransomware aim to blackmail people into paying a hefty ransom in exchange for a decryption tool.

Propagation and Encryption

The TCPRX Ransomware may be propagated with the help of phishing emails. If you are among the users targeted by the TCPRX Ransomware or another member of the Dharma Ransomware family, you may have received an email that contains either a corrupted link or a macro-laced attached file. However, cyber crooks often use other distribution methods too, such as torrent trackers, malvertising, fake social media profiles, bogus application downloads, etc.

Upon infiltrating your PC, the TCPRX Ransomware will begin locking your files. This data-locker targets images, documents, presentations, spreadsheets, databases, audio files, videos, archives, etc. The TCPRX Ransomware uses an encryption algorithm to lock all the data. The newly locked files will be marked with an additional extension. The extension appended by the TCPRX Ransomware is '.id-<VICTIM ID>.[].tcprx'. This means that a file named 'pink-tires.png' will be renamed to 'pink-tires.png.id-<VICTIM ID>.[].tcprx'.

The Ransom Note

Next, the TCPRX Ransomware will drop a ransom note on the victim's desktop. The file is named 'FILES ENCRYPTED.txt' and contains the message from the TCPRX Ransomware's authors. In the ransom note, the attackers ask to be contacted via email and offer two addresses for this purpose: '' and ''. The attackers also provide a link to a Tor-based website hosted on the Dark Web.
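For triage after an incident, the renaming pattern and the ransom note name described above can be used to inventory affected files. The following Python sketch is an added example, not code from the original article; the victim ID character set, the placeholder ID, and the contact string in the sample names are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

# Page's pattern: <original>.id-<VICTIM ID>.[<contact>].tcprx (assumption: ID has no dots/brackets)
RENAMED = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[^.\[\]]+)\.\[(?P<contact>[^\]]*)\]\.tcprx$",
    re.IGNORECASE,
)
RANSOM_NOTE = "files encrypted.txt"  # compared case-insensitively


def parse_renamed(name):
    """Return (original, victim_id, contact) for a renamed file, else None."""
    m = RENAMED.match(name)
    return (m["original"], m["victim_id"], m["contact"]) if m else None


def triage(root):
    """Walk root; return {victim_id: [(path, original_name)]} and note paths."""
    by_id, notes = defaultdict(list), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            hit = parse_renamed(name)
            if hit:
                by_id[hit[1]].append((os.path.join(dirpath, name), hit[0]))
            elif name.lower() == RANSOM_NOTE:
                notes.append(os.path.join(dirpath, name))
    return dict(by_id), notes


def demo():
    """Run triage over a constructed directory; IDs and contact are placeholders."""
    with tempfile.TemporaryDirectory() as root:
        samples = [
            "pink-tires.png.id-PLACEHOLDER1.[contact@example.invalid].tcprx",
            "report.final.docx.id-PLACEHOLDER1.[].tcprx",
            "notes.tcprx.txt",  # not affected: pattern is not at the end
            "FILES ENCRYPTED.txt",
        ]
        for name in samples:
            open(os.path.join(root, name), "w").close()
        by_id, notes = triage(root)
        return {k: sorted(o for _p, o in v) for k, v in by_id.items()}, len(notes)


if __name__ == "__main__":
    print(demo())
```

Grouping by victim ID gives a list of original file names to check against backups, and the count of ransom notes shows which profiles or hosts were reached.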

There is no reason for you to believe the words of cyber crooks. Instead of contacting the attackers and paying the ransom fee, you should consider obtaining a reputable anti-virus product that will help you remove the TCPRX Ransomware from your computer.

