
Tellyouthepass Ransomware

Posted: April 11, 2019

The Tellyouthepass Ransomware is a file-locker Trojan and an update of the GoldenAxe Ransomware. Besides changing its ransoming message, it continues with the same attacks as its ancestor, such as encrypting your files to keep them from opening correctly. Good anti-malware services should remove the Tellyouthepass Ransomware or stop an installation exploit, and keeping secure backups will put your work at less risk of being ransomed.

Trojans Telling You the Password – for a Ransom

After attacking users back in 2018, the GoldenAxe Ransomware is reappearing in campaigns that compromise targets through infection vectors that its victims aren't reporting. The new version, the Tellyouthepass Ransomware, keeps the encryption and other core features of the GoldenAxe Ransomware but offers up a different ransoming message. In a change of social engineering tactics, the Tellyouthepass Ransomware gives those it attacks an open price for acquiring a decryptor and the prospective recovery of their files.

The Tellyouthepass Ransomware circulates under several file names, including 'e3.exe' and 'hello.exe,' and is compatible with most Windows environments. After installation, it encrypts media such as Word documents, Paint BMP pictures, and other files with a secured form of AES that keeps them from opening. Readers should note that this update uses a different, and much more generic, extension of 'locked' for these files, which can make cases of mistaken identity more likely than with the GoldenAxe Ransomware.

Another alteration that malware researchers are confirming is the Tellyouthepass Ransomware's use of an HTML ransoming message instead of a TXT one. The new instructions give a price for the decryptor (currently 0.2 Bitcoins, or roughly one thousand dollars), a dynamic wallet address that changes per victim, and other warning information. Old decryption software for this Trojan's family isn't compatible with the Tellyouthepass Ransomware release, but the threat actors are maintaining a new equivalent, although paying may not provide access to this service.
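Because the 'locked' extension is so generic, a triage check is more reliable when it combines the indicators described above instead of trusting the extension alone. The following Python sketch is an added example, not code from this article's researchers; the threshold, the verdict labels, the assumption that the HTML note sits beside the locked files, and the sample file names other than 'e3.exe' and 'hello.exe' are all constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators named in the article; thresholds and verdict labels are assumptions.
DROPPER_NAMES = {"e3.exe", "hello.exe"}
LOCKED_EXT = ".locked"

def triage(root, min_locked=5):
    """Walk `root` and grade how strongly it matches the article's indicators."""
    locked = Counter()          # directory -> number of *.locked files
    html_dirs = set()           # directories holding an HTML file (possible note)
    droppers = []               # executables using a name from the article
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower.endswith(LOCKED_EXT):
                locked[dirpath] += 1
            elif lower.endswith((".html", ".htm")):
                html_dirs.add(dirpath)
            elif lower in DROPPER_NAMES:
                droppers.append(os.path.join(dirpath, name))
    # '.locked' alone is generic, so require a cluster of locked files
    # next to an HTML file before calling a directory suspicious.
    clusters = sorted(d for d, n in locked.items()
                      if n >= min_locked and d in html_dirs)
    if clusters and droppers:
        verdict = "strong"
    elif clusters or droppers:
        verdict = "partial"
    elif locked:
        verdict = "extension-only"   # could be another family or a benign tool
    else:
        verdict = "none"
    return {"verdict": verdict, "clusters": clusters,
            "droppers": sorted(droppers), "locked_total": sum(locked.values())}

def build_constructed_sample(root):
    """Create a constructed directory tree for the demo (empty files only)."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    # README.html is a placeholder; the article does not name the ransom note.
    names = [f"report{i}.docx.locked" for i in range(6)] + ["README.html"]
    for name in names + ["hello.exe"]:
        open(os.path.join(docs, name), "w").close()
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(build_constructed_sample(tmp)))
```

An "extension-only" result is the mistaken-identity case: it calls for identifying the family by other means before choosing a recovery path.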

Ducking Your Head Under GoldenAxe Ransomware's Second Swing

The Tellyouthepass Ransomware has some affiliations with OPJerusalem, an anti-Israel campaign that attacks Israeli-owned websites. This history places such sites at risk of having their content encrypted by Tellyouthepass Ransomware attacks, although malware experts can't confirm this geolocational preference in the Trojan's distribution statistics. Regardless of OPJerusalem's influence, the Tellyouthepass Ransomware can block files on most Windows machines, and users should always respond to it as a real threat to their documents and other work and recreational files.

Backup preservation is the most direct solution to any file-locking Trojan's attacks. Users should store their backups on devices or drives that include additional login security or are detachable, to keep the Tellyouthepass Ransomware from harming them. After finding an infection, the user should scan their system with a compatible anti-malware tool to uninstall the Tellyouthepass Ransomware before restoring their files.

While victims could hope for an upcoming, free decryptor, taking the fate of your media into your own hands is always the best option. Letting the Tellyouthepass Ransomware tell you what you're going to do to get your files back is a circumstance that's worth avoiding with the occasional backup.
