TFlower – The Latest Ransomware Targeting Businesses

TFlower has emerged as the latest ransomware targeting corporate environments, gaining entry into networks through exposed Remote Desktop Protocol (RDP) services. TFlower was actually discovered in August, and at the time it was thought to just be another generic ransomware. But TFLower activity is reported to be picking up. While TFlower’s rise in the ransomware environment may have come as a surprise, its method for infecting systems shouldn’t be. As reported in FSecure’s recently released Attack Landscape H1 2019 report (discussed in Tuesday’s Security and Resilience Update), RDP was the infection vector used by the greatest share of ransomware families, at 31 percent. The ransoms being demanded to decrypt a TFlower infection have not been reported. Meanwhile, the ransomware is still being researched to see if there are any weaknesses in its encryption that could allow a victim to recover their files for free. Read the article at Bleeping Computer.