Temlown Ransomware
Analysis of the Temlown Ransomware reveals that it is a variant from the VoidCrypt Ransomware family. The Temlown Ransomware also displays the typical characteristics associated with the VoidCrypt Ransomware family of threats. Despite lacking any new threatening functionalities, Temlown is still a threat that can cause significant damage by locking the files stored on the compromised systems.
During the encryption process, Temlown changes the names of the affected files drastically. The threat follows the pattern - original name, email address of the attackers, victim's ID and new file extension. For example, a file named 'Image1.jpg' will be renamed to 'Image1.jpg.[noitanimodd@gmail.com][nJ-OB5624980157].temlown.' Upon encrypting all targeted files, the threat will deliver a ransom note as a text file named 'Read-this.txt.'
Ransom Note's Details
The message provided by the threat, tells users that the first action they should take is to locate a file named 'prvkey.txt.key.' Its default location should be in the C:\ProgramData\ folder. Apparently, this file is crucial for the restoration of the data and without it, even the attackers will not be able to decrypt the files.
The note also states that the ransom will have to be paid using the Bitcoin cryptocurrency. To learn more details, victims are instructed to message the 'noitanimodd@gmail.com' and 'temloown@tuta.io' emails. A single file that is less than 1MB in size can be attached to the message to be decrypted and returned by the hackers for free.
The full text of Temlown Ransowmare's note is:
'All Your Files Has Been Encrypted
You Have to Pay to Get Your Files Back
Go to C:\ProgramData\ or in Your other Drives and send us prvkey.txt.key file
You can send some file little than 1mb for Decryption test to trust us But the test File should not contain valuable data
Payment should be with Bitcoin
Changing Windows without saving prvkey.txt.key file will cause permanete Data loss
Our Email:noitanimodd@gmail.com
in Case of no Answer:temloown@tuta.io.'
