
TomLe Ransomware

The TomLe Ransomware is a file-locking Trojan that's part of a Ransomware-as-a-Service family, the Crysis Ransomware (or Dharma Ransomware). The TomLe Ransomware locks the user's files by encrypting them, adds extensions to their names, and demands ransoms through a family-standardized warning message. For protection, nearly all Windows cyber-security products should block infections and remove the TomLe Ransomware before it harms any media.

Digital Ransoms Still Popping Up as the Year Progresses

Easily one of the most identifiable forces in the Ransomware-as-a-Service black market, the Dharma Ransomware continues its business of selling Trojans to random threat actors as the year proceeds. Although the family includes old members like the LOVE Ransomware, the Dharma-Gate Ransomware, and the Php Ransomware, it is still active in 2021. Recent examples include the 14x Ransomware and the even newer TomLe Ransomware.

For its part, the TomLe Ransomware did not appear in threat databases before February. The Trojan targets Windows environments and uses the Dharma Ransomware family's standard AES-with-RSA encryption to lock the user's files. Typical targets of these attacks include text documents, pictures, music, and other media, although file-locker Trojans can also sabotage relatively esoteric data, such as 3D CAD projects.

As part of its payload, the Trojan takes precautions against Restore Point backups by issuing a secure deletion command through default Windows tools. Its financial side becomes clear in its text and HTA ransom notes (the latter a pop-up), which offer recovery services for the victim's files but don't state a price. Threat actors usually ask for at least several hundred USD in a difficult-to-refund cryptocurrency, and malware experts recommend against paying them.

Checking Out of a Business that will not Take No for an Answer

Like other file-locker Trojans, the TomLe Ransomware appends a custom extension, which includes a unique e-mail address and ID, to files' names so that victims can intuitively see which content is being held hostage. There isn't a free unlocking service that's effective against modern versions of the Crysis Ransomware family. However, malware analysts regularly point to backups on non-local devices as an excellent remedy for these attacks.
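To show how that naming scheme helps an incident responder triage a drive, here is an added example (not from the original entry or any vendor tool) that parses Dharma-family file names and summarizes which files were renamed and what contact details they carry. It assumes the family's usual `<original>.id-<8 hex>.[<e-mail>].<ext>` layout; the `.tomle` extension and the contact address in the sample listing are constructed placeholders.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Dharma/Crysis-family layout: <original>.id-<8 hex>.[<e-mail>].<ext>
# (assumed from the family's usual scheme; this page gives no exact sample).
DHARMA_NAME_RE = re.compile(
    r"^(?P<original>.+?)"
    r"\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]"
    r"\.(?P<ext>[A-Za-z0-9]+)$"
)

@dataclass(frozen=True)
class EncryptedFile:
    name: str        # renamed file name as found on disk
    original: str    # name before the Trojan appended its suffix
    victim_id: str   # per-victim ID embedded by the Trojan
    email: str       # contact address embedded in the name
    ext: str         # variant extension

def parse_name(name):
    """Return an EncryptedFile if `name` follows the family layout, else None."""
    m = DHARMA_NAME_RE.match(name)
    if not m:
        return None
    return EncryptedFile(name, m["original"], m["victim_id"],
                         m["email"].lower(), m["ext"].lower())

def triage(names):
    """Summarize a directory listing: how many files were renamed, and by whom."""
    hits = [f for f in map(parse_name, names) if f is not None]
    return {
        "encrypted": len(hits),
        "victim_ids": sorted({f.victim_id for f in hits}),
        "emails": sorted({f.email for f in hits}),
        "extensions": Counter(f.ext for f in hits),
    }

# Constructed sample listing; ".tomle" and the address are placeholders.
SAMPLE_LISTING = [
    "Q1-report.docx.id-1A2B3C4D.[tomle@example.invalid].tomle",
    "holiday.jpg.id-1A2B3C4D.[tomle@example.invalid].tomle",
    "turbine.dwg.id-1A2B3C4D.[TomLe@Example.invalid].tomle",
    "FILES ENCRYPTED.txt",  # ransom-note style file, not a renamed document
    "notes.txt",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LISTING))
```

Run against a real listing, the `emails` and `victim_ids` sets are what you would quote in an incident report, and a mix of several IDs or addresses in one directory indicates more than one infection.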

File-locking Trojans can compromise non-secure servers after attackers brute-force weak passwords or exploit vulnerabilities that typically are present in out-of-date software. Besides maintaining strong login credentials and applying patches, users also should be cautious around e-mail attachments with potential disguises like invoices, hardware notices, or resumes. Naturally, malware analysts also discourage downloading illegal content, which correlates heavily with Trojans like the TomLe Ransomware.

Effective cyber-security products for Windows environments should classify this program as a threat and delete the TomLe Ransomware automatically. This disinfection method is preferable, even for advanced users, since it also covers the potential for other security risks in the same incident.

The TomLe Ransomware uses a new e-mail alias and, in other respects, is a copy-and-paste byproduct of the Ransomware-as-a-Service industry. The best defense against a conventional problem is an equally conventional defense: security programs, good habits, and a backup.
