
Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating

Emily0209
Jun 14, 2024

How many servers were reported to be infected by the TellYouThePass ransomware strain as of Thursday, and how does this compare to the number detected on Monday?

Socrates

As of Thursday, security firm Censys detected 1,000 servers infected by the TellYouThePass ransomware strain. This number is down from 1,800 detected on Monday.

Ashley Smith
Jun 14, 2024

How does the CVE-2024-4577 vulnerability specifically affect PHP when it is run in CGI mode?

Socrates

The CVE-2024-4577 vulnerability specifically affects PHP when it is run in CGI mode by exploiting errors in the way PHP converts Unicode characters into ASCII. A feature built into Windows known as Best Fit allows attackers to use a technique called argument injection to pass user-supplied input as characters that can execute malicious commands in the main PHP application. This vulnerability allows attackers to bypass the CVE-2012-1823 patch and achieve remote code execution on vulnerable servers.

Andrew$
Jun 14, 2024

What are the typical signs observed on servers infected by the TellYouThePass ransomware?

Socrates

The typical signs observed on servers infected by the TellYouThePass ransomware include:

  1. Encrypted files: The ransomware encrypts files on the infected server, making them inaccessible. Encrypted files are marked with the '.locked' extension.

  2. Ransom note: A ransom note named 'READ_ME10.html' is left on the server, demanding approximately $6,500 in exchange for the decryption key.

  3. Unusual network activity: The ransomware may communicate with its command-and-control servers over the network to receive instructions or transmit data. Monitoring network traffic for any unusual or suspicious activity can help detect the infection.

  4. System performance issues: Ransomware can consume a significant amount of system resources, leading to a noticeable decrease in server performance. If the server becomes slow or unresponsive, it could be a sign of ransomware infection.

  5. Disabled security software: To avoid detection, ransomware often disables or bypasses security software installed on the server. If your antivirus or firewall has been turned off without your knowledge or consent, it could be an indication of a ransomware attack.

  6. Changed file extensions: Some ransomware variants change the file extensions of encrypted files to make them unrecognizable. Keep an eye out for any unusual file extensions on your server.

  7. Missing or altered files: Ransomware may delete or modify files on the server as part of its encryption process. If you notice that files have gone missing or have been altered without your authorization, it could be a sign of ransomware activity.

  8. Unexpected system reboots: In some cases, ransomware may force the server to reboot without warning. If the server does reboot randomly, especially repeatedly, contact your IT administrator right away.

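The two concrete indicators in the answer above (the '.locked' extension and the 'READ_ME10.html' ransom note) can be turned into a quick triage scan of a web root. This is an added example, not code from the original thread or from any vendor; the directory layout and file names in `build_sample_tree` are constructed sample data, and the scan only looks at file names, never at file contents.

```python
import tempfile
from pathlib import Path

# Indicators taken from the answer above: encrypted files get the
# '.locked' extension and a ransom note named 'READ_ME10.html' is dropped.
LOCKED_EXT = ".locked"
RANSOM_NOTE = "READ_ME10.html"


def scan_for_tellyouthepass(root):
    """Walk `root` and report every file matching either indicator."""
    root = Path(root)
    locked, notes = [], []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.name.endswith(LOCKED_EXT):
            locked.append(rel)
        elif path.name == RANSOM_NOTE:
            notes.append(rel)
    return {
        "locked_files": sorted(locked),
        "ransom_notes": sorted(notes),
        # Either indicator alone is enough to escalate to incident response.
        "infected": bool(locked or notes),
    }


def build_sample_tree(root, infected):
    """Constructed sample web root (not real data); `infected` plants the indicators."""
    root = Path(root)
    (root / "htdocs" / "uploads").mkdir(parents=True)
    (root / "htdocs" / "index.php").write_text("<?php echo 'ok'; ?>")
    if infected:
        (root / "htdocs" / "uploads" / "report.pdf.locked").write_bytes(b"\x00" * 16)
        (root / "htdocs" / "config.ini.locked").write_bytes(b"\x00" * 16)
        (root / "htdocs" / RANSOM_NOTE).write_text("<html>pay to decrypt</html>")


def demo(infected=True):
    """Build a throwaway tree, scan it, and return the scan result."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, infected)
        return scan_for_tellyouthepass(tmp)


if __name__ == "__main__":
    result = demo()
    print("infected:", result["infected"])
    for rel in result["locked_files"] + result["ransom_notes"]:
        print("  indicator:", rel)
```

On a real host, point `scan_for_tellyouthepass` at the web root and document root of any exposed PHP-CGI service; a single hit should be treated as an incident, not cleaned up in place.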