TZW is the latest version of Adhubllka, which has been active since 2019 but has gone largely unreported due to its lower ransom demands.
TZW is the latest variant of the Adhubllka ransomware family, which has been active since 2019. Unlike many ransomware types that demand large ransoms, TZW typically asks for smaller amounts, ranging from $800 to $1,600, making it less reported in the media. This ransomware primarily targets individuals and small businesses.
Why has TZW gone largely unreported?
TZW's lower ransom demands compared to typical ransomware attacks, which often involve million-dollar sums, contribute to its underreporting. Victims may choose to pay the smaller ransoms to regain access to their data, allowing the attackers to operate under the radar.
How do researchers identify TZW?
Researchers identify TZW by analyzing communication channels used by the threat actors, such as ransom notes and email addresses linked to the ransomware. They also track previously associated Tor domains and look for unique phrases in ransom notes that indicate a connection to the Adhubllka family.