Tyrant Ransomware

What is Tyrant Ransomware?

Tyrant Ransomware is a newly released malicious application that was based on an open-source ransomware project known as DUMB. This ransomware is only semi-functional: it was designed to lock your computer's screen, but in some cases it might also encrypt your personal files. Regardless of what it does to your PC specifically, it will demand that you pay money to unlock your PC and/or decrypt your files. However, you should not trust the cybercrooks to keep their word, so we recommend that you remove this ransomware as soon as the opportunity arises.

Where does Tyrant Ransomware come from?

As mentioned, this ransomware was based on the DUMB ransomware project. As a result, Tyrant Ransomware inherits its semi-functional features from that source. However, this ransomware was also updated, so it might be more sophisticated than the ransomware it was based on.

As far as the methods used to distribute this new ransomware are concerned, our cyber security experts say that it might come with malicious emails that pose as invoices. The email subject line can have words such as “invoice,” “PDF,” and so on to trick you into thinking it is a document. However, if you read the full file name (which can be made long intentionally to hide the “.exe” extension at the very end), you will see that it is an executable. If you open the attached file, then your PC will become infected. If you open the file without downloading it first, then it will be dropped in the %Temp% folder. However, if you choose to download it first, then it will run from its destination location, which is usually %USERPROFILE%\Downloads.

What does Tyrant Ransomware do?

If Tyrant Ransomware were to infect your computer, then it would create a new desktop window and replace the original desktop. In other words, it would create a window that overlays the desktop, and you would not be able to close it to use your computer. Hence, it is a screen-locking ransomware. Nearly all of the text in the lock screen is in the Farsi language written in the Arabic script. Therefore, it is probably distributed mainly in Iran, but infections might occur in parts of Afghanistan, Tajikistan, and other places where a significant Farsi-speaking population can be found.

In addition to locking your computer’s screen, this ransomware might also encrypt your files. Researchers say that this ransomware was configured to append a ".crypted" file extension to encrypted files. They have also found that the locations where it was set to encrypt files include %USERPROFILE%\Documents, %USERPROFILE%\Music, %USERPROFILE%\Desktop, and %USERPROFILE%\Pictures. The encryption method used to encrypt the files is unknown, but researchers assume that it might use AES (Advanced Encryption Standard) to do that. Also, when researchers tested this ransomware, it did not encrypt files at all, so they have concluded that the encryption function is not always called.

Researchers have found that Tyrant Ransomware’s developers want victims to send 15 USD, and they promise to unlock your PC within 24 hours. Also, you have 24 hours to pay the ransom, but the consequences for failing to meet this deadline are not stated.

Researchers have found that the unlock code is 1DUMBcVysimeMnMxThLLtpsnVbbz3VoJTy, but there is no box where you can enter this code because the cybercriminals probably send their unlocking software along with the code.

How do I remove Tyrant Ransomware?

You should not pay the ransom because there is no guarantee that the cybercriminals will keep their word and send you the decryption key/tool. The good news is that you can remove Tyrant Ransomware easily by following the guide below, or by terminating the lock screen and then using a powerful antimalware program to delete it.

Removal Guide

  1. Press Alt+F4 to close the lock screen.
  2. Press Win+E keys.
  3. In the File Explorer’s address box, enter the following file paths.
    • %USERPROFILE%\Downloads
    • %USERPROFILE%\Desktop
    • %TEMP%
  4. Identify the ransomware’s executable.
  5. Right-click it and click Delete.
  6. Empty the Recycle Bin.
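
Steps 3 and 4 can be narrowed down from a PowerShell prompt. The script below is an added example, not code from the researchers or any vendor tool: it lists executables in the three folders above whose names imitate a document, and counts ".crypted" files in the four folders the ransomware was set to encrypt. The folders and the extension come from this article; the name heuristics (keywords, padding, the 40-character threshold) and the function name Test-DocumentLure are assumptions made for illustration.

```powershell
# Added triage example. Read-only: it lists candidates and deletes nothing.
$dropFolders = @(
    (Join-Path $env:USERPROFILE 'Downloads'),
    (Join-Path $env:USERPROFILE 'Desktop'),
    $env:TEMP
)
$encryptFolders = 'Documents', 'Music', 'Desktop', 'Pictures' |
    ForEach-Object { Join-Path $env:USERPROFILE $_ }

# Hypothetical helper: returns the reasons an .exe name looks like a document lure.
function Test-DocumentLure {
    param([string]$FileName)
    $base = [System.IO.Path]::GetFileNameWithoutExtension($FileName)
    $reasons = @()
    if ($base -match 'invoice|pdf')            { $reasons += 'document keyword in name' }
    if ($base -match '\.(pdf|docx?|xlsx?)\s*$') { $reasons += 'document extension before .exe' }
    if ($base -match '\s{3,}|_{3,}')           { $reasons += 'padding before real extension' }
    if ($base.Length -ge 40)                   { $reasons += 'unusually long name' }
    return $reasons
}

# 1. Executables in the drop locations whose names imitate a document.
$suspects = foreach ($dir in $dropFolders) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -Filter '*.exe' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $why = Test-DocumentLure -FileName $_.Name
            if ($why) {
                [pscustomobject]@{
                    Path    = $_.FullName
                    Created = $_.CreationTime
                    Reasons = $why -join '; '
                }
            }
        }
}
$suspects | Sort-Object Created -Descending | Format-List

# 2. Did the encryption routine run? Count ".crypted" files per folder.
foreach ($dir in $encryptFolders) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    $found = @(Get-ChildItem -LiteralPath $dir -Filter '*.crypted' -File -Recurse `
                   -ErrorAction SilentlyContinue)
    '{0,-50} {1} .crypted file(s)' -f $dir, $found.Count
}
```

A flagged file is only a candidate: check its creation time against when the lock screen first appeared before deleting it.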


