Tcvjuo Ransomware
Tcvjuo is another threatening ransomware variant discovered by cybersecurity specialists. This particular threat has been specifically programmed to target files, encrypt them, and append a new extension, '.tcvjuo', to their original filenames. Additionally, it creates a ransom note called 'HOW TO RESTORE YOUR TCVJUO FILES.TXT' containing the demands of the cybercriminals. Analysis has also revealed that the threat is a variant belonging to the Snatch Ransomware family.
In terms of file modification, Tcvjuo follows a consistent pattern. It renames files such as '1.doc' to '1.doc.tcvjuo' and '2.png' to '2.png.tcvjuo', so the original file extension is preserved and the '.tcvjuo' extension is appended after it. This process is repeated for each targeted file.
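For incident scoping, the appended extension and the note filename described above can be searched for directly. The following Python sketch is an added example, not part of the original write-up or of any vendor tool; the function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the page: appended extension and ransom note filename.
ENCRYPTED_EXT = ".tcvjuo"
NOTE_NAME = "HOW TO RESTORE YOUR TCVJUO FILES.TXT"

def scan_tree(root):
    """Walk root and report files matching the page's two indicators."""
    encrypted = {}          # current path -> original filename
    notes = []              # paths of ransom notes
    by_type = Counter()     # original extension -> count of encrypted files
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Compare case-insensitively: Windows file systems ignore case.
            if name.upper() == NOTE_NAME:
                notes.append(path)
            elif name.lower().endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                original = name[: -len(ENCRYPTED_EXT)]
                encrypted[path] = original
                by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
    affected_dirs = sorted({os.path.dirname(p) for p in list(encrypted) + notes})
    return {"encrypted": encrypted, "notes": notes,
            "by_type": dict(by_type), "affected_dirs": affected_dirs}

def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = {
        "docs": ["1.doc.tcvjuo", "report.DOC.TCVJUO", NOTE_NAME],
        "images": ["2.png.tcvjuo", "untouched.png"],
        "clean": ["notes.txt"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        result = scan_tree(root)
        # Report directories relative to root so the result is stable.
        result["affected_dirs"] = [os.path.relpath(d, root) for d in result["affected_dirs"]]
        return result

if __name__ == "__main__":
    print(demo())
```

Pointing `scan_tree` at a file share or a mounted disk image gives the list of affected directories and the original file types, which helps decide what to restore from backup first.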
Victims of the Tcvjuo Ransomware are Extorted for Money by The Cybercriminals
The ransom note delivered to the victims presents itself as a notification about what the threat actors are calling a penetration test conducted on the network. As a result, numerous files and data have been encrypted and rendered unusable. Additionally, the note reveals that during this process, a significant amount of data exceeding 100GB has apparently been stolen. Tcvjuo Ransomware's note states that the data encompasses various types of information, including personal data, marketing data, confidential documents, accounting information, SQL databases, and copies of mailboxes.
The note strongly advises against attempting to decrypt the files independently or resorting to the use of third-party tools. It emphasizes that only the specific decryption tool possessed by the attackers can effectively restore the encrypted files. Victims are asked to establish contact with the threat actors through the provided email addresses, 'master1restore@cock.li' or '2020host2021@tutanota.com', to receive additional instructions on how to pay the ransom demanded by the threat actors.
Furthermore, the ransom note explicitly warns that if the victims fail to initiate contact within three days, the threat actors may choose to publish the stolen data online. This serves as an additional coercive tactic to compel the victims into complying with their demands.
However, it is necessary to exercise extreme caution when dealing with cybercriminals, as trusting them to provide the decryption tools even after the payment of a ransom carries significant risks. It is generally advisable to refrain from paying the ransom. At the same time, taking immediate action to remove the ransomware from the infected computer is of utmost importance to prevent any further encryption of files and to mitigate potential damage.
Take Effective Security Measures to Protect Your Data and Devices from Threats Like the Tcvjuo Ransomware
To protect data and devices from ransomware threats, users can take several proactive steps:
- Regularly Back Up Data: Maintain regular backups of important files and data on an offline or cloud-based storage solution. This ensures that even if the original files are encrypted by ransomware, you can restore them from a secure backup.
- Keep Software Up to Date: Install the latest updates and security patches for all operating systems, software applications, and antivirus programs. These updates often contain security fixes that help protect against known vulnerabilities that ransomware may exploit.
- Exercise Caution with Email Attachments and Links: When opening email attachments or clicking on links, be extra cautious, especially when they come from unknown or suspicious sources. Ransomware is usually spread through phishing emails that trick users into downloading malicious attachments or visiting infected websites.
- Use Reliable Security Software: Install reputable anti-malware software on all devices and keep it up to date. These programs can detect and block ransomware threats, providing an additional layer of protection.
- Enable Firewall Protection: Enable the firewall on your computer or network router to block unauthorized access and protect against incoming threats.
- Disable Macros in Office Documents: Ransomware often spreads through malicious macros embedded in Office documents. Disable macros by default and only enable them if you trust the source and require their functionality.
- Educate Yourself: Stay informed about the latest ransomware threats and techniques used by cybercriminals. Regularly educate yourself and your employees (if applicable) about safe online practices, including recognizing and avoiding phishing attempts.
By following these preventive measures, users can significantly reduce the probability of falling victim to ransomware and protect their data and devices from potential threats.
The full text of the ransom note dropped by the Tcvjuo Ransomware is:
'THE ENTIRE NETWORK IS ENCRYPTED YOUR BUSINESS IS LOSING MONEY!
Dear Management! We inform you that your network has undergone a penetration test, during which we encrypted
your files and downloaded more than 100GB of your data
Personal data
Marketing data
Confidential documents
Accounting
Copy of some mailboxes
Important! Do not try to decrypt the files yourself or using third-party utilities.
The only program that can decrypt them is our decryptor, which you can request from the contacts below.
Any other program will only damage files in such a way that it will be impossible to restore them.
Write to us directly, without resorting to intermediaries, they will deceive you.
You can get all the necessary evidence, discuss with us possible solutions to this problem and request a decryptor
by using the contacts below.
Free decryption as a guarantee. Send us up 3 files for free decryption.
The total file size should be no more than 1 MB! (not in the archive).
Please be advised that if we don't receive a response from you within 3 days, we reserve the right to publish files to the public.
Contact us:
master1restore@cock.li or 2020host2021@tutanota.com'