Tyos Ransomware Joins Army of Djvu Clones Targeting Multiple Files for Encryption
Our analysis of Tyos has revealed that this malware functions as a ransomware by encrypting files and adding the ".tyos" extension to their filenames. The ransomware also generates a ransom note named "_readme.txt". Our team identified Tyos while investigating malware samples submitted to the VirusTotal website.
As an example, Tyos modifies filenames like "1.jpg" to "1.jpg.tyos" and "2.png" to "2.png.tyos". Notably, Tyos belongs to the Djvu ransomware family, which is often distributed by malicious actors together with other harmful software such as RedLine and Vidar, both of which are capable of stealing confidential information.
The ransom note contains two email addresses (support@freshmail.top and datarestorehelp@airmail.cc) that victims are instructed to contact within 72 hours to avoid the ransom amount increasing from $490 to $980 for the decryption tools. It is emphasized that the decryption of files is only possible with the purchase of decryption software and a unique key.
The ransom note also provides a means for victims to submit a single file for decryption without making any payment before committing to paying the ransom.
Table of Contents
Tyos Ransom Note Asks for $980 in Ransom
The full text of the Tyos ransom note reads as follows:
ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-f8UEvx4T0A
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
support@freshmail.topReserve e-mail address to contact us:
datarestorehelp@airmail.ccYour personal ID:
How is Ransomware Like Tyos Usually Distributed?
Ransomware like Tyos is typically distributed through various means, including:
Phishing Emails: Cybercriminals send phishing emails that contain malicious links or attachments. When the user clicks on the link or opens the attachment, the malware is downloaded onto their computer.
Exploiting Vulnerabilities: Cybercriminals may exploit software vulnerabilities in applications and operating systems to deliver ransomware onto the victim's device.
Malvertising: Malware can be distributed through malicious advertisements that appear on legitimate websites.
Remote Desktop Protocol (RDP) Attacks: Cybercriminals can target RDP endpoints to gain unauthorized access to a victim's computer and deploy ransomware.
Watering Hole Attacks: Cybercriminals may infect legitimate websites that are commonly visited by a target group, such as employees of a particular company, with ransomware.
Drive-By Downloads: Cybercriminals may use compromised websites to deliver ransomware through drive-by downloads. When the victim visits the website, the malware is automatically downloaded onto their device without their knowledge or consent.
What Is & How To Remove TYOS Ransomware From Your Computer - Should You Pay The Ransom?
