
Canada Issues TFlower Malware, Ransomware Advisory


The Canadian Centre for Cyber Security (CCCS) has issued an advisory about TFlower, a ransomware variant that may infect users via exposed, unpatched Remote Desktop Protocol (RDP) services.

TFlower was discovered July 30, and it uses a variety of infection vectors to attack victims. In addition to RDP services, TFlower's infection vectors include:

  • Email spam and malicious attachments.
  • Deceptive downloads.
  • Botnets.
  • Web injects.
  • Malicious ads.
  • Fake updates.
  • Repackaged and infected installers.

After a malicious actor infects a system with TFlower, the actor attempts to move laterally across the network, CCCS said. The malware then contacts a command-and-control server, encrypts system contents, deletes shadow copies and disables Windows recovery features.

TFlower finally encrypts files and marks them by inserting the string "*tflower" at the beginning of each file, CCCS noted. It also leaves a ransom note named "!_Notice_!.txt".
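The two on-disk indicators described above can be used to scope an incident. The following triage sketch is an added example, not code from CCCS or this article: it walks a directory tree, flags files whose first bytes are the "*tflower" marker and collects ransom notes by name. It assumes the marker is stored as ASCII at offset 0 and that the note name should be matched case-insensitively; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

MARKER = b"*tflower"           # string the advisory says starts each encrypted file (ASCII assumed)
NOTE_NAME = "!_notice_!.txt"   # ransom note name from the advisory, lowercased for comparison

def scan_tree(root):
    """Walk root and return (marked_files, ransom_notes, unreadable) as sorted path lists."""
    marked, notes, unreadable = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                notes.append(path)
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(len(MARKER))  # read only the header, never the whole file
            except OSError:
                unreadable.append(path)          # locked or permission-denied: report, don't skip silently
                continue
            if head == MARKER:
                marked.append(path)
    return sorted(marked), sorted(notes), sorted(unreadable)

def build_sample(root):
    """Create a constructed sample tree: two marked files, two notes, two benign files."""
    samples = {
        "docs/report.docx": MARKER + b"\x00\x11 constructed ciphertext",
        "docs/old/plan.xlsx": MARKER + b"\x7f constructed ciphertext",
        "docs/clean.txt": b"ordinary text mentioning *tflower later on",  # marker not at offset 0
        "docs/tiny.bin": b"*tf",                                          # shorter than the marker
        "docs/!_Notice_!.txt": b"constructed note body",
        "docs/old/!_NOTICE_!.TXT": b"constructed note body",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        marked, notes, unreadable = scan_tree(tmp)
        print(f"marked files: {len(marked)}, ransom notes: {len(notes)}, unreadable: {len(unreadable)}")
        for p in marked + notes:
            print(" ", os.path.relpath(p, tmp))
```

The list of marked files gives the scope of encryption on a host or share, while directories that hold a note but no marked files are worth a closer look for partially completed encryption.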

How to Combat TFlower Attacks

CCCS offered a variety of tips to combat TFlower attacks, including:

  • Install operating system updates.
  • Disable remote desktop services if they are not required.
  • Activate Network Level Authentication across Windows devices.
  • Avoid opening attachments from unknown or unverified sources.
  • Whitelist applications to prevent unauthorized applications from running.
  • Limit the number of users with administrative privileges.
  • Disable macros for documents received via email.

MSSPs also can provide malware analysis and detection services to protect organizations against TFlower and other malware attacks. That way, MSSPs can help organizations keep pace with evolving cyberattacks.


Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.