What is the Tzw Ransomware?

Tzw is a ransomware-type program that was discovered by researchers while inspecting new submissions to online virus databases. When executed, it encrypts files and changes their titles, adding the ".tzw" extension. A ransom-demanding message – "readme.txt" – is then created.

The ransom note states that the only way to recover the encrypted files is to purchase a decryption key from the cyber criminals responsible for the attack. However, our experience with ransomware infections has shown that decryption is usually impossible without the attackers' own decryption tool, and that victims often do not receive the promised decryptor even after paying.

In order to prevent Tzw ransomware from encrypting more data, it must be eliminated from the operating system. Unfortunately, removal will not restore already affected files; instead, they can only be recovered from a backup if one is available.

To avoid permanent data loss in case of a ransomware attack, it is highly recommended to keep backups in multiple different locations such as remote servers or unplugged storage devices.

It is also important to keep all software and operating systems up-to-date, as well as practice safe browsing habits in order to reduce the risk of infection.

The Tzw ransom note in full reads as follows:

All your files, documents, photos, databases and other important files are encrypted

The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files.

The server with your decryptor is in a closed network TOR. You can get there by the following ways:

1. Download Tor browser - hxxps://www.torproject.org/
2. Install Tor browser
3. Open Tor Browser
4. Open link in TOR browser: -
5. and open ticket

Alternate communication channel here: -

Best practices and advice for minimizing damage from malware such as the Tzw ransomware

Best practices for protecting data and minimizing damage from ransomware include:

1. Keeping backups in multiple different locations such as remote servers or unplugged storage devices. This will ensure that if one backup is compromised, you still have other copies of your data.

2. Regularly updating all software and operating systems to the latest version available. Outdated versions are more vulnerable to attacks and can be easily exploited by malicious actors.

3. Practicing safe browsing habits such as avoiding suspicious websites, downloading files only from trusted sources, and not clicking on links or opening attachments from unknown senders.

4. Installing a reliable anti-virus program and keeping it updated with the latest virus definitions to detect and block any malicious activity before it can cause damage.

5. Disabling macros in Microsoft Office applications as they can be used to execute malicious code without user interaction.

By following these best practices, you can significantly reduce the risk of infection and minimize the damage caused by ransomware attacks should they occur.
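When a backup does exist, the first question is which files need restoring. The following Python triage script is an added example, not code from the original article or from any vendor: it uses only the two indicators the article names (the ".tzw" extension and the "readme.txt" note, recognised by a phrase from the quoted note), walks an affected directory, lists the pre-encryption file names to pull from backup, and reports where notes were dropped. The sample directory tree it builds is constructed for demonstration.

```python
import os
import tempfile
from pathlib import Path

# Indicators named in the article: the appended extension and the ransom note file name.
TZW_EXT = ".tzw"
NOTE_NAME = "readme.txt"
# Phrase from the quoted note, used to separate a Tzw note from an ordinary readme.txt.
NOTE_MARKER = "purchase an unique decryptor"


def triage_tzw(root):
    """Walk `root` and return which files were encrypted, the names they had
    before encryption (for restoring from backup), and the directories that hold a Tzw note."""
    root = Path(root)
    encrypted, originals, notes = [], [], []
    for dirpath, _dirs, filenames in os.walk(root):
        d = Path(dirpath)
        for name in filenames:
            rel = (d / name).relative_to(root).as_posix()
            if name.lower().endswith(TZW_EXT) and len(name) > len(TZW_EXT):
                encrypted.append(rel)
                originals.append(rel[: -len(TZW_EXT)])  # strip ".tzw" to get the pre-encryption path
            elif name.lower() == NOTE_NAME:
                try:
                    text = (d / name).read_text(errors="replace")
                except OSError:
                    continue  # unreadable note: skip rather than abort the sweep
                if NOTE_MARKER in text:
                    notes.append(d.relative_to(root).as_posix())
    return {"encrypted": sorted(encrypted), "originals": sorted(originals), "notes": sorted(notes)}


def build_sample_tree(base):
    """Create a constructed (not real) affected directory tree for demonstration."""
    base = Path(base)
    (base / "docs").mkdir(parents=True, exist_ok=True)
    (base / "docs" / "report.docx.tzw").write_bytes(b"\x00constructed ciphertext\x00")
    (base / "docs" / "budget.xlsx.tzw").write_bytes(b"\x00constructed ciphertext\x00")
    (base / "docs" / "readme.txt").write_text(
        "The only method of recovering files is to purchase an unique decryptor.\n")
    (base / "src").mkdir(exist_ok=True)
    (base / "src" / "main.py").write_text("print('untouched')\n")
    (base / "src" / "readme.txt").write_text("Project notes, not a ransom note.\n")
    return base


def demo():
    """Run the triage over the constructed sample tree in a temp directory and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        return triage_tzw(build_sample_tree(tmp))


if __name__ == "__main__":
    report = demo()
    print(f"{len(report['encrypted'])} encrypted file(s); Tzw note in: {report['notes']}")
    print("Restore from backup:", *report["originals"], sep="\n  ")
```

Run it on a real share by calling triage_tzw() with the share's path; the "originals" list is the restore list for the backup job, and a readme.txt without the note phrase (as in src/) is deliberately left out of the report.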

January 16, 2023