Tizer78224 Ransomware

Posted by Sarah Stewart on May 21, 2019

What is Tizer78224 Ransomware?

Tizer78224 Ransomware is a malicious computer infection that encrypts target files with a strong encryption algorithm and then demands a ransom to be paid. It is part of the never-ending ransomware epidemic, and users have to be strong and alert if they want to fight such infections.

Although Tizer78224 Ransomware isn’t a high-profile infection, it can still inflict significant damage, so you should not take it lightly. If you were infected with this program, please scroll down to the bottom of this description for the manual removal instructions. Remove Tizer78224 Ransomware as soon as possible, and then protect your system from similar intruders in the future.

Where does Tizer78224 Ransomware come from?

This program is not stand-alone ransomware. Research shows that it is a newer version of the Rsautil Ransomware infection. Likewise, this program is related to Extractor Ransomware and Amnesia Ransomware, too. Thus, we know for sure that there must be certain features that are common to all these programs.

It is probably the method of distribution that all these infections share. As far as we know, Tizer78224 Ransomware mostly spreads through unsafe RDP (Remote Desktop Protocol) connections. It also means that users accept ransomware installers themselves, and they launch those files thinking the files must be important.

What’s more, it also shows that Tizer78224 Ransomware and other ransomware programs usually target corporate computer systems, as opposed to individual desktops. It is rather logical. If you want to receive as many payments as well, you would go for someone who would be more willing to transfer them, right? And smaller businesses are more likely to churn out the ransom payments because they need the data that gets encrypted. Also, smaller businesses are less likely to have their data backed up, so it would be a matter of life and death for that to restore the encrypted data.

The bottom line is that users have to be really careful about the files they open every single time. Also, it would be a good idea to scan the files you receive with a security tool. Especially if letting a dangerous file in by mistake would result in terrible consequences for a big computer network.

What does Tizer78224 Ransomware do?

It doesn’t take a genius to get what this program does because it works like any other ransomware program out there. First, it scans the system because it needs to find all the file types it can encrypt. After that, Tizer78224 Ransomware launches the file encryption. Depending on the version of the program, it might append an email address used for the ransom payment at the end of each encrypted file, too. Our sample didn’t do that, but do not be surprised if you suddenly see tons of email addresses in your folders.

When the encryption is complete, Tizer78224 Ransomware opens a ransom note. The ransom note is dropped in every single folder that has encrypted files. The filename is How_return_files.txt, and this is what you will find inside:

Hi friend…
:)
For instructions on how to recovery the files, write to me:

Tizer78224@gmx.de
Tizer78224@india.com
Tizer77234@protonmail.com

In the letter, indicate your personal ID (see the file format).

Notice, how there are three email addresses in the ransom note. It means that the malware server connection is not strong, and it might go down anytime. In fact, considering the fact that Tizer78224 Ransomware was released several months ago, it is very likely that it is no longer possible to contact these criminals via the given email addresses, so there’s no need to even consider paying the ransom fee (not that there was a point to consider it in the first place).

How do I remove Tizer78224 Ransomware?

Since this program has been out there for quite some time now, there should be a public decryption tool available. If not, you should address a professional who would offer you various ways to restore your files. Also, if you have a file backup, you can simply remove Tizer78224 Ransomware and all the encrypted files, and then transfer healthy files into a clean system.

If it was your company that got infected with Tizer78224 Ransomware, you should seriously consider educating your employees about ransomware and computer security, so that you would avoid such disasters in the future.

Manual Tizer78224 Ransomware Removal

  1. Remove unfamiliar files from Desktop.
  2. Open the Downloads folder and remove the most recent files.
  3. Press Win+R and type %TEMP%. Click OK.
  4. Delete the most recent files from the directory.
  5. Remove the How_return_files.txt ransom note.
  6. Run a full system scan with SpyHunter. 100% FREE spyware scan and
    tested removal of Tizer78224 Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *