Ransomware called TFlower is being installed on networks after attackers hack into exposed Remote Desktop services. The ransomware is still being researched, so it is not known at this time if there are any weaknesses in the encryption that could allow a user to get their files back for free. Victims will find a ransom note named!_Notice_!.txt placed throughout the computer and on the Windows Desktop. Ransom note will instruct victims to contact the [email protected] or [email protected].
Source: https://www.bleepingcomputer.com/news/security/tflower-ransomware-the-latest-attack-targeting-businesses/