Tnwkgbvl Ransomware

Cybersecurity researchers have uncovered another malware threat known as the Tnwkgbvl Ransomware. The primary objective of Tnwkgbvl is to render the files stored on the compromised devices inaccessible by encrypting them with an uncrackable cryptographic algorithm. Furthermore, the ransomware generates a ransom note titled 'HOW TO RESTORE YOUR TNWKGBVL FILES.TXT' to deliver the attackers' demands to their victims.

In addition to encryption, Tnwkgbvl modifies the names of the affected files by appending the '.tnwkgbvl' extension to them. For example, a file originally named '1.png' would be renamed as '1.png.tnwkgbvl,' '2.jpg' as '2.jpg.tnwkgbvl,' and so on. It should also be noted that according to the analysis of the threat, Tnwkgbvl is a variant belonging to the Snatch Ransomware family.
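The two file-system indicators described above, the appended extension and the ransom note title, are enough for a first-pass triage of a file share during incident response. The following is an added example, not code from the original page: the function names, directory layout and sample files are constructed for illustration, and only the extension and note title come from this page.

```python
import os
import tempfile
from collections import defaultdict

EXTENSION = ".tnwkgbvl"                               # appended extension, from this page
NOTE_NAME = "HOW TO RESTORE YOUR TNWKGBVL FILES.TXT"  # ransom note title, from this page


def triage(root):
    """Walk root and summarise, per directory, the files matching the indicators."""
    report = defaultdict(lambda: {"encrypted": [], "intact": 0, "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            entry = report[os.path.relpath(dirpath, root)]
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == NOTE_NAME.lower():
                entry["note"] = True
            elif lower.endswith(EXTENSION) and len(name) > len(EXTENSION):
                # Keep the pre-encryption name so it can be matched against backups.
                entry["encrypted"].append(name[: -len(EXTENSION)])
            else:
                entry["intact"] += 1
    # Report only directories that show at least one indicator.
    return {d: e for d, e in report.items() if e["encrypted"] or e["note"]}


def build_sample_tree(root):
    """Constructed sample data: empty files named like a partially affected share."""
    layout = {
        "finance": ["1.png.tnwkgbvl", "2.jpg.TNWKGBVL", NOTE_NAME],
        "finance/archive": ["ledger.xlsx"],
        "public": ["readme.txt", ".tnwkgbvl"],  # bare extension: no original name, not counted
    }
    for rel, names in layout.items():
        os.makedirs(os.path.join(root, rel), exist_ok=True)
        for name in names:
            open(os.path.join(root, rel, name), "w").close()


def demo():
    """Run the triage over the constructed tree and return the report."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return triage(root)


if __name__ == "__main__":
    for directory, entry in sorted(demo().items()):
        print(directory, sorted(entry["encrypted"]), "note:", entry["note"], "intact:", entry["intact"])
```

A directory with a ransom note and zero intact files is fully encrypted; one with a mix of encrypted and intact files suggests the process was interrupted, which helps scope what must be restored from backup.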

The Tnwkgbvl Ransomware Locks Files and Demands Ransom Payments

The ransom note delivered by the attackers claims that the victim's network underwent a penetration test, resulting in the encryption of files and the acquisition of a substantial amount of data exceeding 100 GB. The encrypted data encompasses various sensitive information such as accounting records, confidential documents, personal data, and mailboxes.

The note emphasizes that attempting to decrypt the files using third-party utilities is futile, as only a specific decryptor possessed by the threat actors can reverse the encryption without causing any harm. It warns that failing to respond within three days may result in the threat actors publicly releasing the compromised files. The contact details provided for communication purposes are '777doctor@proton.me' and '777doctor@swisscows.email.'

It is strongly advised not to comply with the demands of the cybercriminals, as there is no guarantee that they will uphold their promise of providing the necessary decryption tools or keys.

To mitigate the risk of data loss, victims must take immediate action to remove the ransomware from their infected computers. Ransomware threats can persistently encrypt additional files while active, and in some cases, they can even propagate across a local network, potentially infecting other devices.

Effective Security Steps can Help Prevent Ransomware Attacks

Users can take several important steps to ensure the security of their devices and data from ransomware attacks. Here are some key measures to consider:

  • Regularly update software and operating systems: Keep all software, including operating systems, applications, and antivirus/anti-malware programs, up to date. Updates usually include security patches that address vulnerabilities exploited by ransomware.
  • Install reputable security software: Use reliable anti-malware software on all devices, and keep them updated. This software can detect and prevent ransomware infections.
  • Exercise caution with email attachments and links: Be watchful when opening email attachments or clicking on links, especially from unknown or suspicious sources. Ransomware often spreads through phishing emails and malicious links. Verify the sender's identity and ensure the legitimacy of attachments or links before interacting with them.
  • Regularly back up important data: Create and maintain regular backups of critical files and data. Backup copies should be stored offline or in a separate location from the primary device. This ensures that even if files are enciphered by ransomware, you can restore them from a secure backup.
  • Educate yourself about ransomware and phishing techniques: Stay informed about the latest ransomware threats and phishing techniques. Regularly educate yourself on best practices for identifying and avoiding suspicious activities online.
  • Regularly scan for malware: Perform regular scans of devices using reputable security software to detect and remove any malware or ransomware.

By implementing these security measures and practicing good digital hygiene, users can significantly enhance the security of their devices and data, reducing the risk of falling victim to ransomware attacks.

The ransom note left to the victims of the Tnwkgbvl Ransomware is:

'Dear Management!

We inform you that your network has undergone a penetration test, during which we encrypted
your files and downloaded more than 100 GB of your data, including:

Accounting
Confidential documents
Personal data
Mailboxes

Important! Do not try to decrypt files yourself or using third-party utilities.
The program that can decrypt them is our decryptor, which you can request from the contacts below.
Any other program can only damage files.

Please be aware that if we don't receive a response from you within 3 days, we reserve the right to publish your files.

Contact us:

777doctor@proton.me or 777doctor@swisscows.email'
