TellYouThePass ransomware reemerges alongside its new ability

February 14, 2022

TellYouThePass ransomware has reemerged in the cybercriminal scene, with the use of the Go language (Golang) added to its malicious arsenal.

According to researchers, Golang can help ransomware groups target many operating systems, including Windows. A recent report also revealed a code-level change in the ransomware, making it effortless to compile for platforms such as Linux and macOS.

The report also showed a code similarity of over 80% between the Windows and Linux samples of TellYouThePass ransomware. Researchers have observed several other changes, including the use of an all-new encryption algorithm that analysts have not seen in the past.

The encryption process utilises the AES-256/RSA-2014 algorithms. Unfortunately, there is no ransomless decryptor available for this ransomware, which is very alarming for entities that might suffer the wrath of the new ransomware in the future.

Furthermore, the researchers said that the operators of TellYouThePass demand about 0.05 Bitcoin, worth more than $2,000, in exchange for a decryption tool. They have also noticed the use of the Golang crypto packages to create the RSA key.

The recent samples of the returning TellYouThePass ransomware showed that the operators randomised the names of all functions aside from the primary one, which frustrates the researchers analysing it.

Before executing the encryption process, TellYouThePass ransomware kills tasks and services that may hinder the process, such as web servers, document editors, database apps, and email clients. Some directories are also excluded from the encryption process to keep the system from becoming unbootable.
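The pre-encryption behaviour described above can be watched for on the defender's side. The following sketch is an added example, not code from the report: it flags a host when processes from several of the named categories (web servers, document editors, database apps, email clients) are terminated within a short window. The process names, event format, window and threshold are constructed assumptions, not indicators taken from TellYouThePass samples.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed mapping of process names to the categories the article names.
# Illustrative names only; not a list taken from TellYouThePass samples.
CATEGORY = {
    "nginx": "web server", "httpd": "web server", "w3wp.exe": "web server",
    "winword.exe": "document editor", "soffice.bin": "document editor",
    "mysqld": "database", "postgres": "database", "sqlservr.exe": "database",
    "outlook.exe": "email client", "thunderbird": "email client",
}

def detect_kill_bursts(events, window=timedelta(seconds=60), min_categories=3):
    """Return {host: first alert time} where terminations spanning at least
    `min_categories` categories fall inside one sliding `window`."""
    recent = defaultdict(deque)   # host -> deque of (time, category)
    alerts = {}
    for line in sorted(events):   # ISO timestamps sort chronologically
        stamp, host, action, proc = line.split()
        cat = CATEGORY.get(proc.lower())
        if action != "terminated" or cat is None or host in alerts:
            continue
        now = datetime.fromisoformat(stamp)
        q = recent[host]
        q.append((now, cat))
        while now - q[0][0] > window:   # drop events older than the window
            q.popleft()
        if len({c for _, c in q}) >= min_categories:
            alerts[host] = now
    return alerts

# Constructed sample events: "<ISO time> <host> <action> <process>"
SAMPLE_EVENTS = [
    "2022-02-14T03:10:01 srv-app01 terminated nginx",
    "2022-02-14T03:10:02 srv-app01 terminated mysqld",
    "2022-02-14T03:10:02 srv-app01 started cron",
    "2022-02-14T03:10:04 srv-app01 terminated soffice.bin",
    "2022-02-14T09:00:00 wks-112 terminated outlook.exe",   # user closes mail
    "2022-02-14T09:45:00 wks-112 terminated winword.exe",   # 45 minutes later
    "2022-02-14T11:30:00 wks-112 terminated postgres",
]

if __name__ == "__main__":
    for host, when in detect_kill_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: multi-category process kill burst at {when}")
```

In a real deployment the events would come from process-termination and service-stop telemetry, and the window and threshold would need tuning against normal maintenance activity such as patching or scheduled restarts.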

 

TellYouThePass ransomware is a heavily financially motivated ransomware group first discovered in the later months of 2019. Unlike today, the ransomware was created back then to target Windows devices exclusively.

However, TellYouThePass was recently discovered leveraging the critical remote vulnerability Log4Shell in its attacks and targeting different operating systems.

The new development of TellYouThePass ransomware shows how malicious threat actors are utilising modern languages to make their attacks more formidable. The ransomware is now eyeing several operating systems, making it a more capable threat to the cybersecurity landscape.
