TFlower

TFlower is a ransomware, discovered in August 2019, that targets mostly corporate networks.

TFlower is a Windows malware family.

Background

First seen in August 2019, TFlower is a ransomware aimed largely at corporate networks. Reports indicate attackers deploy it after obtaining network access through RDP. While encrypting a host, it shows a console of its ongoing activity, a sign that the operator launches it manually after the breach, mirroring the TTPs of Samsam/Samas. When encryption begins, the malware sends a status update to what appears to be a hard-coded C2. It wipes shadow copies and disables the Windows 10 repair environment, and it kills any active Outlook.exe process so that mail files can be encrypted. Rather than appending an extension, it prepends the marker "*tflower" along with what may be the file's encrypted encryption key to each affected file. After encryption finishes, it reports back to the C2 server once more.
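As an added defender-side example (not Malpedia's text and not TFlower's own code), a small Python triage script that walks a directory and flags files whose content begins with the "*tflower" marker described above. The sample directory and the bytes following the marker are constructed for the demo; the length and format of the prepended key are not assumed, only the marker itself.

```python
"""Triage helper (added example): flag files whose content starts with the
"*tflower" marker that TFlower prepends to the files it encrypts."""
import os
import tempfile

MARKER = b"*tflower"  # marker taken from the description above


def is_tflower_marked(path: str) -> bool:
    """Return True if the file's first bytes equal the TFlower marker."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(MARKER)) == MARKER
    except OSError:
        # Unreadable or vanished file: report as not marked rather than abort the scan.
        return False


def scan_tree(root: str) -> list[str]:
    """Walk root and return the sorted paths of all files carrying the marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if is_tflower_marked(path):
                hits.append(path)
    return sorted(hits)


def build_sample_tree() -> str:
    """Create a constructed sample directory: two marked files, two clean ones."""
    root = tempfile.mkdtemp(prefix="tflower_demo_")
    os.makedirs(os.path.join(root, "mail"))
    samples = {
        # Constructed blob standing in for whatever follows the marker; not a real key.
        "report.docx": MARKER + b"<constructed-blob>" + b"\x00" * 16,
        os.path.join("mail", "archive.pst"): MARKER + b"<constructed-blob>",
        "notes.txt": b"plain text, untouched",
        # The marker in a file name is not evidence; only the content prefix counts.
        "tflower_in_name.txt": b"marker appears in the name only",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for hit in scan_tree(build_sample_tree()):
        print("marked:", hit)
```

Point `scan_tree` at a mounted forensic image or a suspect share to enumerate affected files during triage.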

Source: Malpedia (Fraunhofer FKIE).