Temlo Ransomware

A new variant from the VoidCrypt Ransomware family has been unleashed in the wild. The threat is named Temlo Ransomware, and it can cause massive damage to the computers it breaches. Like all other variants from the family, Temlo is designed to target specific file types and lock them by using an uncrackable cryptographic algorithm. Afterward, the cybercriminals attempt to extort their victims for money in exchange for the decryption key and tool that could potentially restore the locked information.

Technical Details

As part of its encryption process, the Temlo Ransomware also changes the original names of the affected files. The threat follows the naming conventions associated with the VoidCrypt family. It appends an email address, an ID number assigned to the victim and a new file extension.

The email address used in the names of the encrypted files is 'temloown@gmail.com'. The new file extension is '.temlo'. Victims of the threat are left with a ransom note containing instructions from the hackers. The message is delivered onto the compromised device in the form of a text file named 'Decrypt-info.txt'.

Ransom Note's Overview

According to the note, the first thing victims of Temlo Ransomware are told to do is locate a specific file that has been created on their computers. Apparently, the cybercriminals need this file to have a chance to restore the user's data. The file is named 'prvkey*.txt.key' and should be located under C:\ProgramData\. However, victims are told to check all of their drives.

The file must be sent to one of the provided email addresses: 'temloown@gmail.com' or 'temloown@tuta.io'. Alongside it, victims can also send several small encrypted files that will supposedly be unlocked for free. The last important detail mentioned in the note is that the ransom must be paid using the Bitcoin cryptocurrency.

The full text of the ransom note is:

'All Your Files Has Been Encrypted

You Have to Pay to Get Your Files Back

Go to C:\ProgramData\ or in Your other Drives and send us prvkey*.txt.key file , * might be a number (like this : prvkey3.txt.key)

You can send some file little than 1mb for Decryption test to trust us But the test File should not contain valuable data

Payment should be with Bitcoin
Changing Windows without saving prvkey.txt.key file will cause permanete Data loss

Our Email:temloown@gmail.com
in Case of no Answer:temloown@tuta.io
.'
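The file-system indicators described above (the '.temlo' extension, the 'Decrypt-info.txt' note and the 'prvkey*.txt.key' file) can be swept for during incident triage, and the key files copied aside before a machine is reimaged. The Python script below is an added example, not part of the original article; its function names, the evidence-folder naming and the sample file names (including the layout of the encrypted file name) are assumptions constructed for illustration.

```python
import fnmatch, hashlib, os, shutil, tempfile

# Indicators taken from the article text above.
ENCRYPTED_EXT = ".temlo"
NOTE_NAME = "decrypt-info.txt"       # compared case-insensitively
KEY_PATTERN = "prvkey*.txt.key"

def triage(root):
    """Walk root and sort file paths into the three indicator classes."""
    hits = {"encrypted": [], "notes": [], "keys": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            low, path = name.lower(), os.path.join(folder, name)
            if fnmatch.fnmatchcase(low, KEY_PATTERN):
                hits["keys"].append(path)
            elif low == NOTE_NAME:
                hits["notes"].append(path)
            elif low.endswith(ENCRYPTED_EXT):
                hits["encrypted"].append(path)
    return hits

def preserve_keys(key_paths, evidence_dir):
    """Copy key files aside (index-prefixed to avoid clashes); return {copy: sha256}."""
    os.makedirs(evidence_dir, exist_ok=True)
    saved = {}
    for i, src in enumerate(sorted(key_paths)):
        dst = os.path.join(evidence_dir, f"{i}_{os.path.basename(src)}")
        shutil.copy2(src, dst)  # copy2 keeps timestamps for the incident record
        with open(dst, "rb") as fh:
            saved[dst] = hashlib.sha256(fh.read()).hexdigest()
    return saved

def build_sample_tree(root):
    """Constructed sample data: harmless stand-in files with a made-up name layout."""
    names = ["ProgramData/prvkey3.txt.key", "Users/a/Decrypt-info.txt",
             "Users/a/report.docx.temloown@gmail.com.ID123.temlo",
             "Users/a/untouched.pdf"]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        found = triage(build_sample_tree(tmp))
        print({kind: len(paths) for kind, paths in found.items()})
        print(preserve_keys(found["keys"], os.path.join(tmp, "evidence")))
```

On a real host, `triage` would be pointed at each drive root in turn, since the note tells victims the key file may sit on any drive.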
