T_TEN Ransomware
The T_TEN Ransomware is a malware threat that targets the data of its victims. These threatening tools are equipped with strong encryption routines that can impact a diverse set of file types. As a result, nearly all of the documents, images, photos, PDFs, archives, databases, and many other files stored on the breached devices will be rendered unusable and inaccessible. The files locked by this threat will have '.T_TEN' added to their original names as a new extension. Analysis of the T_TEN Ransomware has revealed that the threat is a variant of the previously identified DCRTR Ransomware.
Victims will be left with two ransom notes. The T_TEN Ransomware delivers the instructions of its operators as a pop-up window and a text file named 'Readme.txt' created on the desktop of the device. The ransom note displayed in the pop-up window reveals that cybercriminals will only accept ransom payments made in Bitcoin. As for the size of the demanded ransom, apparently, the price will depend on the time it takes victims to establish contact.
The note also mentions that up to 5 files could be sent to be decrypted for free, as long as they do not contain any important information and have a total size of less than 4MB. The pop-up window mentions a single email address that victims could message - 'yourbackup@email.tg.' The message found inside the threat's text file reiterates essentially the same information, but it provides two additional emails ('JRM_2022@mail2tor.com' and 'honest_decript2022@mail2tor.com') that could be used as communication channels.
The full message delivered as a pop-up window is:
'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail yourbackup@email.tg
Write this ID in the title of your message -
Before contacting a data recovery company, we recommend that you check the prices in the mail yourbackup@email.tg*
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
T_TEN Ransomware's text file contains the following message:
'YOUR FILES ARE ENCRYPTED
Your files, documents, photos, databases and other important files are encrypted.
You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.
To be sure we have the decryptor and it works you can send an email: honest_decript2022@mail2tor.com and decrypt one file for free. But this file should be of not valuable!
Do you really want to restore your files?
Write to email: JRM_2022@mail2tor.com
The alternative way to contact us is to use Jabber: JRM_2022@mail2tor.com
Your personal ID: -
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
