
TEREN Ransomware

Posted: September 17, 2020

The TEREN Ransomware is a file-locking Trojan: a program that can block files in media-related formats such as documents and pictures. Its attack uses a secure encryption method based on the Dharma Ransomware family and, in ordinary circumstances, isn't unlockable by third parties. Anti-malware products for Windows should delete the TEREN Ransomware, but backups may be necessary for comprehensive data retrieval.

Dharma Ransomware's File-Blocking Rampage Rolls Onward

Thanks to being available cheaply to threat actors with no more programming talent than they deem necessary, the Dharma Ransomware is one of the top Ransomware-as-a-Service families currently active. Attacks by threats like the Chuk Ransomware, the Dr Ransomware, the Lina Ransomware, or the Love$ Ransomware show minor variations in their themes for hiding, but almost no alterations in their attacks once they're in position. The TEREN Ransomware, like its many fellows from this RaaS family, is another re-confirmation of the effectiveness of bread-and-butter encryption attacks.

Changes to extensions and e-mails are the TEREN Ransomware's main claim to its ten minutes of fame versus the many file-locker Trojans that arrived before it. Like them, it targets Windows environments and uses Registry-based persistence while it hides from the user. Its payload emphasizes the AES encryption that it secures with a private RSA key. It uses the feature to lock most digital media (DOCs, PDFs, TXTs, spreadsheets, pictures, and many more) on an infected computer.

More subtly, the Trojan also includes concealed CMD system commands that securely wipe the Shadow Volume Copies (AKA the Windows Restore Points). This attack completes the hostage scenario by depriving users of access to their files or any default recovery method. Ransomware-as-a-Service operations like the TEREN Ransomware invariably seek to profit from these circumstances. Malware researchers note that the TEREN Ransomware has minimally updated content in its ransom notes, which sell the decryption service for the user's files through HTA-format pop-ups and Notepad TXT files.
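The shadow-copy wipe described above is one of the few steps that shows up plainly in process-creation logs before the encryption is noticed. The following is an added detection sketch, not code from this article or from any vendor: the command lines it matches (vssadmin and wmic shadow-copy deletion) are assumed common forms rather than strings quoted from a TEREN sample, and the log records are constructed.

```python
import re

# Constructed process-creation records (fields loosely modelled on Sysmon
# Event ID 1); none of them come from a real TEREN Ransomware sample.
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent": "explorer.exe",
     "cmdline": "cmd.exe /c vssadmin delete shadows /all /quiet"},
    {"host": "ws-01", "parent": "invoice.exe",
     "cmdline": 'cmd.exe /c "vssa^dmin.exe  DELETE Shadows /All /Quiet"'},
    {"host": "ws-02", "parent": "cmd.exe",
     "cmdline": "wmic shadowcopy delete"},
    {"host": "srv-03", "parent": "mmc.exe",
     "cmdline": "vssadmin list shadows"},
    {"host": "srv-03", "parent": "backup.exe",
     "cmdline": "vssadmin delete shadows /for=D: /oldest"},
]

# Ordered most to least severe; the first matching rule wins.
RULES = [
    ("high", "vssadmin deletes all shadow copies",
     re.compile(r"\bvssadmin(\.exe)? delete shadows\b.*/all\b")),
    ("high", "wmic deletes shadow copies",
     re.compile(r"\bwmic(\.exe)? .*\bshadowcopy\b.*\bdelete\b")),
    ("medium", "vssadmin deletes selected shadow copies",
     re.compile(r"\bvssadmin(\.exe)? delete shadows\b")),
]

def normalize(cmdline):
    # cmd.exe drops carets and quotes inside tokens, so "vssa^dmin" still
    # runs vssadmin; strip them, collapse whitespace and lowercase.
    cleaned = cmdline.replace("^", "").replace('"', "")
    return re.sub(r"\s+", " ", cleaned).strip().lower()

def classify(cmdline):
    text = normalize(cmdline)
    for severity, name, pattern in RULES:
        if pattern.search(text):
            return severity, name
    return None  # read-only use such as "vssadmin list shadows"

def scan(events):
    alerts = []
    for event in events:
        hit = classify(event["cmdline"])
        if hit:
            alerts.append({"host": event["host"], "parent": event["parent"],
                           "severity": hit[0], "rule": hit[1]})
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Targeted deletions, such as the constructed backup.exe record, are rated medium because backup tooling may prune old snapshots legitimately; triage those by parent process.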

Getting Data Back at Less than a Trojan's Asking Price

Costs to victims of Ransomware-as-a-Service attacks typically start at hundreds of dollars and range upwards from there, up to thousands or tens of thousands of dollars. Most criminals demand payment in safely non-refundable currencies like Bitcoin or vouchers. There is also the ever-present danger of threat actors not providing the unlocking service, even if the victim promptly sends the money.

Concerning data recovery, malware researchers strongly recommend that all Windows users back their work up onto other, protected devices. However, preventing attacks should also be within most users' reach by minding commonplace security standards. Using strong passwords, disabling document macros, turning off JavaScript and Flash while Web-browsing, and avoiding illicit downloads such as copyright-protected media are helpful practices.

So far, this campaign has no well-publicized cases of attacks. Most business entities become targets of Ransomware-as-a-Service attacks after their employees open corrupted e-mail attachments or use weak passwords. Anti-malware products may mitigate many of these risks and should remove the TEREN Ransomware automatically.

What the TEREN Ransomware's name means, if anything, is something that only its threat actor knows for sure. What its payload means is a more clear-cut riddle, though, and one that's answerable just by having an appropriate backup.

 
