TellYouThePass Ransomware Returns as a Cross-Platform Golang Threat

TellYouThePass is one of many ransomware programs that encrypt files and keep them encrypted until a ransom is paid. It renames all encrypted files with the “.locked” suffix and generates a ransom note in the text file “README.html”.

This ransomware encrypts data using the RSA-1024 and AES-256 cryptographic algorithms. The only option to decrypt files is to acquire a decryption program from TellYouThePass’s makers.
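The suffix and note name above can be turned into a quick host triage check. The sketch below is an added example, not code from the reporting this article draws on; the `min_locked` threshold, the rule that a renamed file leaves nothing under its original name, and the sample file names are assumptions.

```python
import os
import tempfile

LOCKED_SUFFIX = ".locked"  # suffix reported on this page
NOTE_NAME = "README.html"  # ransom note name reported on this page


def triage(root, min_locked=5):
    """Summarise both indicators under root; min_locked is an assumed threshold."""
    locked, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        names = set(files)
        for name in files:
            path = os.path.join(dirpath, name)
            if name == NOTE_NAME:
                notes.append(path)
            elif name.endswith(LOCKED_SUFFIX) and name != LOCKED_SUFFIX:
                # Assumption: a rename leaves nothing under the original name,
                # so a lock file beside its target (data.db + data.db.locked)
                # is not counted.
                if name[: -len(LOCKED_SUFFIX)] not in names:
                    locked.append(path)
    return {
        "locked": sorted(locked),
        "notes": sorted(notes),
        # README.html alone is common in benign trees: require both signals.
        "suspicious": bool(notes) and len(locked) >= min_locked,
    }


def build_sample(root, encrypted):
    """Create a constructed sample tree (empty files, not real data)."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    suffix = LOCKED_SUFFIX if encrypted else ""
    for i in range(6):
        open(os.path.join(docs, f"report{i}.xlsx{suffix}"), "w").close()
    # Benign look-alikes present in both the clean and the encrypted tree.
    for name in (NOTE_NAME, "data.db", "data.db.locked"):
        open(os.path.join(root, name), "w").close()


if __name__ == "__main__":
    for encrypted in (False, True):
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp, encrypted)
            report = triage(tmp)
            print(encrypted, report["suspicious"], len(report["locked"]))
```

Neither indicator is unique to this family, so a positive result is a prompt to isolate the host and inspect further, not an attribution.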

What Happened?

As reported by BleepingComputer, TellYouThePass ransomware has resurfaced as Golang-compiled malware, making it simpler to attack additional operating systems, particularly macOS and Linux.

Last month, threat actors used it in attacks that exploited the Log4Shell vulnerability on susceptible devices, signaling the reappearance of the malware strain.

Malware programmers first embraced Golang in 2019 because of its cross-platform adaptability. Golang also supports packaging required libraries into a single binary file, which reduces the footprint of command and control (C2) server connections and, as a result, lowers detection rates.

It is also easier to learn than other programming languages, such as Python, and has current debugging and plugin tools that make programming easier.

Crowdstrike analysts

