Tbhranso Ransomware Removal Guide

Do you know what Tbhranso Ransomware is?

Tbhranso Ransomware can sneak onto your system behind your back and run amok by encrypting all your media files and more in a very short time. This new ransomware program could cause the biggest possible devastation to you that you have ever had even if it only targets default save directories. If you keep your files somewhere else, in your own designated folders, you may be in the luck this time and your files may not have been encrypted. In any case, the only way for you now to have your files back is to pay the ransom fee and hope for your attackers to keep their words, which our researchers say is quite unlikely to happen. It is usually more likely to be forced to pay even more money to get your files decrypted or these attackers may simply disappear into thin air. We believe that you should remove Tbhranso Ransomware right away if you want to restore your system even if you cannot recover your files. We hope that you have a backup that you keep somewhere safe and now you can use to recover your important files this way.

Our researchers have discovered that this dangerous malware infection is indeed a new member in the so-called Hidden Tear Ransomware family just like Cryp70n1c Ransomware, another recent threat is. The members of this family are mainly created by different hacker groups and even rookies who all use the same base, the Hidden Tear open-source ransomware to build their own variants. This new ransomware has been found spreading in spam e-mails. This means that you may have received a spam mail with an attachment, which you tried to view. The only reason why you would do that is that this spam and its attachment lead you to believe that there is an urgent and important issue that you are a part of or it concerns you somehow. The subject of such a spam can refer to an unpaid invoice or credit card detail issues, for example. In other words, an issue that could relate to a lot of people without raising suspicion that it is all fake. Unfortunately, once you cannot resist temptation and open this attachment, it will be impossible for you to stop the encryption process in time even if you rush to delete Tbhranso Ransomware.Tbhranso Ransomware Removal GuideTbhranso Ransomware screenshot
Scroll down for full removal instructions

If you want to protect your PC yourself, you also need to make sure that your browsers (and all other programs for that matter) and drivers are always up-to-date. There are malicious webpages created with so-called Exploit Kits that can easily drop such a dangerous ransomware program once you get redirected to it. You do not even need to click on any content there because the malicious scripts are triggered once the page loads. So you know now what to do if you do not want to end up having to delete Tbhranso Ransomware or other similar threats.

The only chance for your files to be still safe after this malicious attack is that you keep your important files somewhere other than the "%USERPROFILE%" and its subfolders. This ransomware threat seems to attack this directory and its subfolders, and encrypt all your photos, videos, documents, databases, and more with the AES encryption algorithm. The encrypted files assume a ".locked" extension that has been used by numerous threats like Storagecrypter Ransomware and Evasive Ransomware.

This infection does not replace your desktop background or block your system processes either, which makes it easier to remove it. The ransom note you can find on your desktop named "READ_IT.txt." It is a very simple message, no unnecessary details and information about how or where to buy Bitcoin, for example. You are simply told to send $100 worth of Bitcoins to "1MMphN2Rc5xCf4TGTVXQ6B8VSbYdQyCgYS" and when done, send an e-mail to "tbhranso@protonmail.com" including your PC name so these crooks can identify you. But there is obviously no guarantee whatsoever that you will get the promised decryption password; therefore, it is all up to you whether you take this risk. You may think that $100 is not a high price to pay for your files but please consider that you would support cybercrime by giving in to these demands. We suggest that you do not hesitate to remove Tbhranso Ransomware from your PC.

We have found that this malware infection does not delete itself after execution so you need to clean up its mess if you feel up to the task of manual removal. Please follow our guide below to eliminate this severe threat. It is also possible that you would not want to try this yourself and you would like to have an automated tool instead. Thus, we suggest that you download and install a trustworthy anti-malware application like SpyHunter that will also safeguard your PC automatically from future malicious attacks.

Remove Tbhranso Ransomware from Windows

  1. Press Win+E to open File Explorer.
  2. Delete the following files: "%APPDATA%\[2 random characters].exe" and "%USERPROFILE%\Desktop| READ_IT.txt"
  3. Delete the malicious executable you saved from the spam and ran.
  4. Empty your Recycle Bin.
  5. Restart your computer.

In non-techie terms:

Tbhranso Ransomware is a dangerous threat to your important files you may keep in default folders under the %USERPROFILE% directory. This ransomware can infiltrate your computer and encrypt all your precious files in no time. Then, it demands $100 in Bitcoins for the decryption password. Once you transfer the money and contact these criminals via e-mail, you are supposed to get a reply message with the decryption password. However, you have no guarantee at all that this will actually happen. Why do you think these villains would care about decrypting your files once they have your money? The only legitimate way for you to get your files back is to have a recently saved backup on a drive that is not connected to your computer. We strongly recommend that you remove Tbhranso Ransomware from your system immediately after you realize that you have been hit by this vicious infection. You may see now why it is so important to protect your PC with a powerful anti-malware program.