What is Tilde Ransomware?
It is high time we discuss a malicious application called Tilde Ransomware, also referred to as Simple_Encoder Ransomware that you must remove as soon as possible. Nevertheless, once it has entered your PC — it is too late because it immediately encrypts all of the files on your hard drives and demands that you pay a ransom to decrypt your files. The cyber criminals behind this infection demand a hefty ransom, so paying it may not be an option for you. So read this article and come to your own conclusion. We have provided a guide at the end that will help you delete all of its malicious files to render your computer safe again.
Where does Tilde Ransomware come from?
Since this ransomware has been discovered only days before this article, there is not much information about it. All we know is that it is distributed using email spam that contains an attachment that contains this ransomware’s main executable file. We think that the executable file may be put in a self-extracting file archive or a regular file archive. Our malware analysts say that the ransomware does not copy itself to another location. Therefore, all you have to do is delete its executable to reestablish your computer’s security. However, to prevent this infection from entering your computer altogether you have to have an anti-malware application that protects your computer at all times. Now that we know how this ransomware is distributed and how you can protect your PC from it let us move on to its inner-workings to find out more about it.
How does Tilde Ransomware work?
Our researchers have manage to obtain a sample file of Tilde Ransomware and found that it uses the AES encryption algorithm that is set to encrypt various file types that include but are not limited to .mid, .key, .crt, .csr, .pem, .doc, .odt, djvu, .djv, .zip, .rar, .tgz, .tar, .bak, .mov, .mkv, .flv, .wma, and .mp3. In short, this ransomware targets almost all files on your PC, particularly those files that are most likely to contain personal and thus valuable information for which you would be willing to pay the ransom. While encrypting, it will append the file name with the ~ symbol. For example, a file named MyImage.jpg will be renamed MyImage.jpg.~.
After the encryption is complete, Tilde Ransomware will create a file named _RECOVER_INSTRUCTIONS.ini. This file is the ransom note that features the most important information you need to pay the ransom. The ransom note states that “All your files (documents, photos, videos) were encrypted. It's impossible to get access to your files without necessary decrypt key. All your attempts to solve problem yourself will be unsuccessful!” Unfortunately, all of this is true since there is no third-party decryption tool that could crack this ransomware’s encryption. The cyber criminals want you to pay 0.8 BTC (Bitcoins) which is currently 522.3 USD. This is a substantial sum of money, and your files might not be worth it. In any case, by paying the ransom, you risk throwing your money away because you might not receive it. Therefore, we think that the best solution for tackling this problem is to eradicate this infection altogether.
How to remove Tilde Ransomware
Given that there no way to get your files back without paying the outrageous ransom, we recommend that you remove Tilde Ransomware from your computer using our guide. Take note that its malicious executable is named randomly, and you will find it in the place where you chose to extract it to. We suggest checking your downloads folder, documents folder, and desktop if you are not sure where you have pointed it to. If you are unable to locate it, then use SpyHunter’s free scanning function to detect it and delete it manually.
Tilde Ransomware Removal Guide
- Delete this ransomware’s executable file.
- Then, press Windows+E to open File Explorer.
- Enter %TEMP%\Simple_Encoder in the address box and chit Enter.
- Delete the _RECOVER_INSTRUCTIONS.ini files scatted throughout your computer.
- Change your desktop wallpaper.
tested removal of Tilde Ransomware*
0 Comments.