What is Tbhranso Ransomware?

Tbhranso Ransomware is a harmful infection that enters your computer and locks your files using the AES (Advanced Encryption Standard) algorithm. It encrypts files so that its author can obtain money from users more easily. This behavior is not at all surprising because it uses the source code of Hidden-Tear, an open-source ransomware infection available on GitHub. It is not the first crypto-threat developed on the engine of this open-source ransomware, and, consequently, it is not the first HiddenTear-based infection our specialists have analyzed either. This is why researchers working at anti-spyware-101.com quickly found out how Tbhranso Ransomware works. If you want more detailed information about this infection, read the next two paragraphs attentively. Then delete the ransomware infection from your computer right away because its executable file (located in the %APPDATA% directory) might be launched again accidentally, and it will immediately encrypt new files. The last paragraph contains more information on the removal of this nasty infection.

What does Tbhranso Ransomware do?

Research conducted by our malware analysts has shown that Tbhranso Ransomware is a typical ransomware infection. Encrypting users’ files is the first thing it does when it infiltrates a computer, so if Tbhranso Ransomware ever slithers onto your computer, you will soon realize that you have actively working malicious software on it: it is hard not to notice a bunch of encrypted files. It has been observed that the ransomware infection locks files in %USERPROFILE% and its subfolders. The first symptom showing that your files have been encrypted is the inability to open them, but it is not the only one. You will also see the .locked extension appended to all the files that cannot be opened. Last but not least, you will find a .txt file (READ_IT.txt) dropped on the Desktop after the successful entrance of Tbhranso Ransomware. If you read this ransom note, you will see that there are not many options to choose from. The only way to decrypt files is to send 100 USD in Bitcoin to the cyber criminals and then send an email to tbhranso@protonmail.com with your PC name. Of course, you should not do that because you might not be given a tool to restore your files. If it is not sent to you after you make the payment, you will lose your money too because the crooks will not send it back. Sadly, free decryption software does not exist, so we cannot promise that you will be able to unlock your files. There is only one thing you can do to get them back for free: restore the affected files from a backup one by one.

Where does Tbhranso Ransomware come from?

Ransomware infections are among the threats that infiltrate users’ computers without permission and then modify the affected systems without the users’ knowledge; however, frankly speaking, users are not entirely innocent either. They are usually the ones who allow ransomware infections to enter their computers. For example, users often end up with ransomware infections on their PCs after opening malicious attachments disguised as harmless files, e.g. documents. Malicious applications can also be downloaded from pages administered by cyber criminals, so never download applications from dubious websites, and do not click on suspicious links because a single click might initiate the automatic download of malware. Of course, you might click on a malicious link accidentally too, so you can be sure that malware cannot enter your PC only if you install security software on your computer. Our security specialists recommend doing this ASAP.

How to delete Tbhranso Ransomware

You need to remove the ransomware infection from your computer today if you do not want to find more files locked on your system. When the malicious attachment is executed, it drops only one file, [2 random characters].exe, in %APPDATA%. You need to delete this file to disable the ransomware infection. Then delete the ransom note READ_IT.txt from your Desktop. All malicious components of the ransomware infection can also be deleted automatically.

Delete Tbhranso Ransomware manually

  1. Open Explorer (Win+E).
  2. Type %APPDATA% in the address bar and press Enter.
  3. Locate the .exe file whose name consists of 2 random characters. Delete it.
  4. Remove READ_IT.txt from Desktop (%USERPROFILE%\Desktop).
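
The locations named in the steps above can also be checked from PowerShell before anything is deleted. The script below is an added example, not part of the original article; the function name and report fields are its own, and it only lists files without removing them.

```powershell
# Added example: read-only triage for the artifacts this article lists.
# Nothing is deleted. Function name and report fields are this example's own.
function Find-TbhransoArtifacts {
    param(
        [string]$AppData     = $env:APPDATA,
        [string]$UserProfile = $env:USERPROFILE
    )

    # 1. .exe directly in %APPDATA% whose base name is exactly two characters.
    #    -Filter can also match longer extensions via 8.3 short names, so the
    #    extension is re-checked. Hits are candidates: review path, creation
    #    time and hash before deleting, since a legitimate tool could match.
    $exe = Get-ChildItem -LiteralPath $AppData -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.exe' -and $_.BaseName.Length -eq 2 } |
        ForEach-Object {
            [pscustomobject]@{
                Path    = $_.FullName
                Created = $_.CreationTime
                SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }

    # 2. Ransom note on the Desktop.
    $note = Join-Path $UserProfile 'Desktop\READ_IT.txt'
    $noteFound = Test-Path -LiteralPath $note -PathType Leaf

    # 3. Files with the .locked extension anywhere under the profile,
    #    grouped by folder to show what has to be restored from backup.
    $locked = @(Get-ChildItem -LiteralPath $UserProfile -Filter '*.locked' -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.locked' })

    [pscustomobject]@{
        Executables   = @($exe)
        RansomNote    = if ($noteFound) { $note } else { $null }
        LockedCount   = $locked.Count
        LockedFolders = @($locked | Group-Object DirectoryName | Sort-Object Count -Descending)
    }
}

$r = Find-TbhransoArtifacts
$r.Executables | Format-List
"Ransom note: $($r.RansomNote)"
"Files with .locked extension: $($r.LockedCount)"
$r.LockedFolders | Select-Object Count, Name -First 20 | Format-Table -AutoSize
```

The folder counts show which parts of the profile need to be restored from backup once the executable has been removed.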
