Tyrant Ransomware is a newly-found ransomware-type computer infection set to lock your computer’s screen and (possibly) encrypt your files, if it happens to infect it. Therefore, removing it is crucial to your computer’s security, not to mention the fact that you will not be able to use your computer unless you get rid of this program. Furthermore, you cannot trust its developers to unlock your PC because you might take your money and you will not hear from them. Indeed, this program is a means to extract money from you. To find out more about this malicious program, we invite you to read this whole article and follow the guide below in order to unlock your PC and delete this ransomware.
Once Tyrant Ransomware has infected a computer, it locks its screen immediately to prevent you from using it entirely. It places a locks screen with a ransom note written in Farsi. Therefore, it is easy to see that this ransomware was intended to be distributed in Iran, Afghanistan, and other countries where Farsi is widely used. The information provided on the lock screen states that you have to pay a 15 USD ransom within 24 hours and your PC will be unlocked within another 24 hours. Interestingly, we have obtained an unlock code which is 1DUMBcVysimeMnMxThLLtpsnVbbz3VoJTy, but there is no place to enter it.
Apart from locking your computer’s screen, this ransomware might also encrypt your personal files using Advanced Encryption Standard (AES) that would corrupt your files, and you would not be able to access the data and information stored in them. However, when testing a sample of this ransomware, it did not encrypt any files. Nevertheless, it has been set to append the encrypted files with a “.crypted" extension. A list of targeted directories was also set, and this program was set to encrypt files in %USERPROFILE%\Pictures, %USERPROFILE%\Desktop, %USERPROFILE%\Music, and %USERPROFILE%\Documents. However, the list of file types to be encrypted is not present. In any case, the fact that it might not encrypt your files is a good thing indeed as decrypting them might be impossible.
We have found that Tyrant Ransomware is based on a ransomware project called DUMB. It uses DUMB’s source code which has been updated by Tyrant Ransomware’s developers. Researchers say that his ransomware might be disseminated using email and the executable file might be disguised as an invoice in a PDF file. The emails could be sent to random users in Iran and neighboring countries. If you open the fake invoice and you do not have an anti-malware program, then this ransomware will infect your PC.
In closing, Tyrant Ransomware is one dangerous computer infection that can lock your computer’s screen, but also encrypt your files. It seems that it is distributed in places where Farsi is a prevalent language. If you do not have an anti-malware program, then we suggest you get it because there is no decryption tool for this ransomware’s encryption. We recommend you use SpyHunter or our instructions to remove Tyrant Ransomware.
How to delete this ransomware
|#||File Name||File Size (Bytes)||File Hash|
|1||cf43470e9aea95c8a8e348a17ef47da03868c825c90b810f220f14d7e48bd22f.exe||461312 bytes||MD5: 6caaf500c248de17b190729370007dda|
|#||Process Name||Process Filename||Main module size|