The TellYouThePass ransomware is a Trojan written in the Java and .Net languages, but in more recent attacks the Go language has been used.
The common form of invasion used by the group is through email attachments, usually as Microsoft Word files.
After the file is downloaded, the ransomware is installed and preparations for encryption are initiated. All programs that could prevent encryption are disabled and after that, encryption is started.
After making the files inaccessible by encryption, the ‘.locked’ extension is added to the files. TellYouThePass targets large files such as: media, images, databases, PDFs, Word documents, and others.
Upon completion of encryption an HTML file called ‘README.html’ is created and opened in a web browser.
Inside the file a ransom note is left, in it the criminals explain that the victim’s files were encrypted in RSA-1024 and AES-256, and that the way to get the files back is by paying the ransom.
Which is not true, because, there are companies like Digital Recovery that are able to recover files encrypted by ransomware even without the decryption key.
In that ransom note the email address of the group is left for the victim to contact the group, this is another tactic used by criminals to pressure the victim to pay the ransom.
It is important to stress that there is no guarantee that the decryption key will be released after the payment of the ransom, the victim needs to trust only the word of the criminal. All government authorities completely discourage paying the ransom.
Digital Recovery specialises in the recovery of data encrypted by ransomware of any length and on any storage device, whether HDDs, SSDs, Databases, Virtual Machines, Storages, RAID systems and others.
All our processes are exclusive and have been developed by our experts. All of them are in accordance with the General Data Protection Regulation (GDPR).
We have technology to remotely recover data from anywhere in the world, in a totally controlled and safe environment.
All information about the projects is confidential, we provide the confidentiality agreement (NDA) to ensure this.
In cases of high urgency, we create the recovery in emergency mode, in which our labs work 24×7 so that the recovery is made in the fastest possible way.
Contact our experts and start the recovery process now.