Tilde Ransomware Removal Guide

Do you know what Tilde Ransomware is?

Tilde Ransomware is also known as Simple_Encoder, and it is a dangerous infection that can easily hijack your personal files. This devious threat uses the AES encryption algorithm to encrypt files, and our research team reports that .doc, .txt, .xml, .jpg, .jpeg, .gif, .zip, .rar, .wmv, and .mp3 are amongst the types of files that are targeted by this threat. Once your files are encrypted, this malicious threat introduces a file called "_RECOVER_INSTRUCTIONS.ini". This file is placed in every folder with encrypted files. Additionally, a BMP file (e.g., img.bmp) is created in the "%TEMP%\Simple_Encoder\" directory. This file can change your regular Desktop wallpaper to introduce you to the ransom request. Both the INI and the BMP files present the same message. Although it is crucial that you remove Tilde Ransomware from your operating system, it is a good idea to continue reading to learn more about this infection. On top of that, you will not achieve anything by deleting this threat right away.

Similarly to the recently discovered NoobCrypt Ransomware, Tilde Ransomware does not create copies of itself. Instead, it operates from the file that is used for its execution. This file might have a misleading name, and you might expect it to represent a PDF document, an image, or some other harmless file. The sample tested in our internal lab was only 13KB, and it was distributed via spam emails. Although different methods of distribution could be used to spread this ransomware, in most cases, it will enter your PC via a corrupted spam email. Right when you open this file, the encryption of your files will begin, and all corrupted files will gain the ".~" extension (e.g., test.doc.~). The purpose of encrypting your files is very clear. All that cyber criminals want from you is your money, and the encryption of sensitive, valuable files is the best option they have to get a lot of money fast. The "_RECOVER_INSTRUCTIONS.ini" file states that you will not get access to files without a decryption key, and to get it, you supposedly need to pay a ransom, which, at the moment, is 0.8 Bitcoins (~523 USD/475 EUR).

The notification within the file (or on your Desktop) suggests that it is impossible to decrypt files in any other way, and, unfortunately, it is unlikely that any of the legitimate decryption tools could help you. Of course, you should look into this option. In the best case scenario, you can delete Tilde Ransomware without further delay because your files are securely backed up. If they are not, you might look into paying the ransom, which involves emailing cyber criminals at one1uno243@yandex.com to send them your personal ID (find it in the INI/Desktop notification). Keep in mind that if you contact cyber criminals using your regular email address, they could record it and flood it with corrupted spam emails in the future. In general, if you are not going to pay the ransom, there is no reason for you to contact cyber criminals. Pleading with them is unlikely to get you anywhere either. If you want to pay the ransom (not recommended), you will have to contact Tilde Ransomware creators to get further instructions.

We cannot recommend paying the ransom because the chances of being scammed are pretty high. The cyber criminals behind this ransomware could take your money without even planning on decrypting your files. If you want to pay the ransom, keep this in mind! Whatever you do about your files, you have to delete Tilde Ransomware from your PC, and you might be able to eliminate this threat manually. If you know which malicious file has launched the ransomware, it will not be difficult to initiate the removal process, and the remaining steps are quite simple. If you are confused, we advise using automated removal software, which is the best option if other threats are active as well.

Remove Tilde Ransomware

  1. Right-click and Delete the malicious launcher file (might be in the Downloads folder).
  2. Launch Explorer by tapping Win+E keys.
  3. Enter %TEMP% into the address bar at the top.
  4. Right-click and Delete the folder named Simple_Encoder that contains the malicious BMP file.
  5. Replace the Desktop image with the desired one.
  6. Right-click and Delete the _RECOVER_INSTRUCTIONS.ini ransom note in every location it is found.
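
The same cleanup can be scripted. The following PowerShell is an added example, not part of the original guide: it inventories the artifacts described above (the ransom notes, files ending in ".~", and the Simple_Encoder folder in %TEMP%) and deletes the notes and the folder only when asked. The scan root, the report path and the parameter names are assumptions; the launcher file from step 1 has no fixed name, so it is not handled here.

```powershell
# Added example: inventory and optional cleanup of the artifacts named in this guide.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: scan the user profile; point -Root at a data drive to widen the scan.
    [string]$Root = $env:USERPROFILE,
    # Hypothetical report path listing the encrypted files (useful when restoring from backup).
    [string]$Report = (Join-Path $env:USERPROFILE 'tilde_encrypted_files.csv'),
    # Without -Remove the script only reports.
    [switch]$Remove
)

$noteName   = '_RECOVER_INSTRUCTIONS.ini'
$dropFolder = Join-Path $env:TEMP 'Simple_Encoder'

# -Force includes hidden files; unreadable folders are skipped instead of aborting the scan.
$files = Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue

$notes     = @($files | Where-Object { $_.Name -eq $noteName })
# Compare the literal ".~" suffix in code rather than relying on wildcard matching.
$encrypted = @($files | Where-Object { $_.Name.EndsWith('.~') })

Write-Output "Ransom notes found      : $($notes.Count)"
Write-Output "Encrypted (.~) files    : $($encrypted.Count)"
Write-Output "Simple_Encoder in TEMP  : $(Test-Path -LiteralPath $dropFolder)"

# Show which folders were hit hardest, and save the full list for the restore.
$encrypted | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name | Format-Table -AutoSize
$encrypted | Select-Object FullName, Length, LastWriteTime |
    Export-Csv -LiteralPath $Report -NoTypeInformation

if ($Remove) {
    # Encrypted files are left in place; the guide's steps do not delete them.
    foreach ($note in $notes) {
        if ($PSCmdlet.ShouldProcess($note.FullName, 'Delete ransom note')) {
            Remove-Item -LiteralPath $note.FullName -Force
        }
    }
    if ((Test-Path -LiteralPath $dropFolder) -and
        $PSCmdlet.ShouldProcess($dropFolder, 'Delete Simple_Encoder folder')) {
        Remove-Item -LiteralPath $dropFolder -Recurse -Force
    }
}
```

Saved as a .ps1 file, running it with `-Remove -WhatIf` first lists what would be deleted without changing anything.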

In non-techie terms:

The removal of Tilde Ransomware is something you might choose to postpone due to the encryption of your personal files. At this time, there is no way to decrypt the files without having the decryption key, and only cyber criminals can release it. Paying the ransom is the only way to get this key, but even if your payment is successful, your files might remain encrypted, which is why the payment is not recommended. Of course, you have to decide for yourself if you want to take the risk. Obviously, if your files are backed up, the only thing you need to do is delete the ransomware, and you can follow the manual removal guide above to achieve this. Needless to say, we recommend anti-malware software instead because it can not only automatically erase malware but also ensure full-time protection.