A security breach suspected to be TX ransomware has occurred.
We would like to provide the following information and warning regarding the situation.

TX Ransomware

The ransomware is called TX and it appears to be changing the filename.extension.TXRansom to all files.

How it works

File version

[Figure 1 Ransomware executable file compiler information]

[Figure 2 File information in Windows properties]

Ransomware behavior characteristics

• TX ransomware is designed to be difficult to analyze and detect by obfuscating internal functions and variables based on .NET. It also has a structure that allows you to easily change the target and scope of the attack by adjusting the flag value during the build process. After the encryption process is completed, this ransomware deletes the shadow copy of the system, making data recovery more difficult.

  
  [Figure 3: Obfuscated code of internal functions and variable names]

  
  [Figure 4 Internal code of the shadow copy deletion command.]

Infection results

A guide file is created in each folder location with the name < HELP_DECRYPT_YOUR_FILES.txt >, and each encrypted file is changed to < file name. extension. TXRansom >. After encryption is complete, run the txt note.

[Figure 5 Infection results]

White Defender Response

It also supports real-time automatic restoration of files that are encrypted before the malicious actions and blocking of WhiteDefender ransomware.

[Figure 6 Blocking Message]

Go watch the TX blocking video