TFlower Ransomware

The authors of the TFlower Ransomware appear to be very greedy since they offer to provide their victims with file-decryption services in exchange for 15 Bitcoin – around $150,000. Of course, no sensible user would agree to pay such a ludicrous amount of money to cyber-criminals so that it is not clear whether the authors of the TFlower Ransomware are serious about their demands or not. Unfortunately, cybersecurity experts have already established that the file locker operators have been serious in its development – it is able to encrypt a wide variety of files, and its encryption routine appears to be secure, therefore making it impossible to develop a free decryptor.

The TFlower Ransomware Does not Mark Your Files but Still Encrypts Their Contents

A peculiar trait of the TFlower Ransomware is that it does not apply any changes to the names of the files it encrypts – it has become a sort of a 'tradition' among ransomware developers to mark the names of the encrypted files with a custom extension. Apart from this little quirk, the TFlower Ransomware works as you would expect it to:

• It encrypts a large number of files in just a few minutes.
• It wipes out the Shadow Volume Copies and disables the System Restore service.
• It drops a ransom note via the file '!_Notice_!.txt.'

The ransom message contains the amount of money the attackers expect to receive, as well as the email flowerboard@torguard.tg for contact. Victims also are told to visit a TOR-based payment page if they wish to complete the payment and file decryption process.

We assure you that agreeing to sending money to anonymous cybercriminals is a terrible solution and you should not accept this offer. The best thing to do if your files have been taken hostage by the TFlower Ransomware is to run an anti-malware tool immediately, and then look into data recovery tools and options.