
TMS5 Ransomware

The TMS5 Ransomware prevents its victims from accessing their own data. The threat's encryption process impacts a wide range of files (documents, databases, pictures, archives, etc.) and leaves them in an unusable state. As is usually the case with ransomware attacks, the operators of TMS5 are financially motivated and use the locked files to extort money from the affected users or organizations.

Analysis of the TMS5 Ransomware has revealed that the threat is a variant of the previously identified Matrix Ransomware. When executed on the breached device, the TMS5 Ransomware will lock and encrypt the files stored there and replace their original names. The new file names will consist of an email address ('TomSoyer5@protonmail.com'), a unique ID string and a new file extension ('.TMS5'). A ransom note will be delivered to the infected systems as a file named '!TMS5_INFO!.rtf'.

The attackers state that the TMS5 threat uses a combination of the AES-128 and RSA-2048 crypto algorithms. They urge users who wish to receive the necessary decryption key and software tool for the restoration of the encrypted data to contact them via the provided email addresses: 'TomSoyer5@protonmail.com', 'TomSoyer5@yahoo.com', and 'TomSoyer5@aol.com'. The cybercriminals will only accept payments made using the Bitcoin cryptocurrency. In addition, they allow victims to send up to 3 files that are less than 5MB in size to supposedly be unlocked for free.
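The file-name indicators described above (the '.TMS5' extension, the contact addresses embedded in renamed files, and the '!TMS5_INFO!.rtf' note) can be used to scope an infection during triage. The script below is an added example, not code from the original analysis; its function names are hypothetical, and it assumes file modification times are intact when it estimates when encryption began.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

# Indicators taken from the write-up above, lower-cased for case-insensitive matching.
ENCRYPTED_EXT = ".tms5"
RANSOM_NOTE = "!tms5_info!.rtf"
CONTACT_EMAILS = ("tomsoyer5@protonmail.com", "tomsoyer5@yahoo.com",
                  "tomsoyer5@aol.com")

def classify(filename):
    """Return 'note', 'encrypted' or None for a bare file name."""
    name = filename.lower()
    if name == RANSOM_NOTE:
        return "note"
    if name.endswith(ENCRYPTED_EXT):
        return "encrypted"
    return None

def scan(root):
    """Walk root and summarise TMS5 artefacts: note paths, encrypted-file
    counts per directory, and the earliest mtime among encrypted files."""
    report = {"notes": [], "encrypted": Counter(),
              "email_named": 0, "first_seen": None}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for fn in files:
            kind = classify(fn)
            path = os.path.join(dirpath, fn)
            if kind == "note":
                report["notes"].append(path)
            if kind != "encrypted":
                continue
            report["encrypted"][dirpath] += 1
            if any(addr in fn.lower() for addr in CONTACT_EMAILS):
                report["email_named"] += 1
            try:
                mtime = os.stat(path).st_mtime
            except OSError:  # unreadable entry: still counted, no timestamp
                continue
            if report["first_seen"] is None or mtime < report["first_seen"]:
                report["first_seen"] = mtime
    return report

if __name__ == "__main__":
    r = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("ransom notes:", len(r["notes"]), "| encrypted:", sum(r["encrypted"].values()))
    if r["first_seen"] is not None:  # assumption: mtime was not tampered with
        print("earliest:", datetime.fromtimestamp(r["first_seen"], timezone.utc))
```

The per-directory counts show which shares or volumes were reached, and the earliest timestamp gives a starting point for correlating with logon and process-creation logs.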

The full text of the ransom note is:

'HOW TO RECOVER YOUR FILES?
WE HAVE TO INFORM YOU THAT ALL YOUR FILES WERE ENCRYPTED!

PLEASE BE SURE THAT YOUR FILES ARE NOT BROKEN!
Your files were encrypted with AES-128+RSA-2048 crypto algorithms.

Please note that there is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server.

Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!

Please note that you can recover files only with your unique decryption key, which stored on our server.

HOW TO RECOVER FILES?
Please write us to the e-mail, we will send you instruction how to recover your data.
Our main e-mail: TomSoyer5@protonmail.com

Our secondary e-mail: TomSoyer5@yahoo.com
Our secondary e-mail: TomSoyer5@aol.com

Please write to our main e-mail. If you will not receive answer in 24 hours, please write to our secondary e-mails! Please always check SPAM folder!

Write on English or use professional translator

In subject line write your personal ID: -

For your assurance you can attach up to 3 small encrypted files to your message. We will decrypt and send you decrypted files for free.

Please note that files must not contain any valuable information and their total size must be less than 5Mb.

Please don't worry, we can help you to RESTORE your server to original
state and decrypt all your files quickly and safely!

OUR HELP!
You have to pay for our help in Bitcoin Cryptocurrency.
Immidiately after payment we will send you (by e-mail) automatic decryption tool and your unique decryption key. You just have to start decryption tool on your server and all files will be automatically decrypted. All original file names will be restored too.'
