Cybersecurity researchers have uncovered a resurgence of the TellYouThePass ransomware, a strain first identified in 2019. Recently, a new variant of this malware has emerged, rewritten in Golang, a programming language developed by Google. The adoption of Golang has become increasingly popular among cybercriminals for its cross-platform capabilities, allowing for simultaneous attacks on different operating systems such as Windows and Linux with minimal code alterations. This strategic shift enables attackers to maximize their reach and efficiency.
Originally coded in Java and .NET, the TellYouThePass ransomware has reappeared as a second-stage payload in recent attacks. Its resurgence follows the exploitation of the Log4Shell vulnerability, a critical security flaw disclosed in December 2021, which had significant implications for a wide range of software applications worldwide. This vulnerability allowed threat actors to gain unauthorized access to systems and deploy malware like TellYouThePass to launch subsequent attacks. By leveraging Golang, the ransomware can be more versatile and adaptable, increasing its potency across various environments.
Once the ransomware encrypts a victim’s files, it demands a ransom payment of 0.05 Bitcoin (approximately £31,960) for a decryption key to restore the data. This extortion tactic leaves affected users with few choices, forcing them to either pay the hefty fee or risk losing valuable information.
On January 13, 2022, cybersecurity researchers documented widespread exploitation of the Log4Shell vulnerability, which became a significant vector for ransomware attacks, including the resurgence of TellYouThePass. This incident served as a stark reminder of the persistent threat posed by ransomware, emphasizing the importance of timely security patches and proactive measures to safeguard against evolving malware tactics.