Tear Dr0p Ransomware

By GoldSparrow in Ransomware

The Tear Dr0p Ransomware is an encryption ransomware Trojan that was first observed by PC security researchers in early February 2018. The Tear Dr0p Ransomware is one of the many variants of ransomware Trojans based on HiddenTear, an open source ransomware platform that has been responsible for countless ransomware variants since its first appearance in August 2015. PC security researchers have reported that the HiddenTear code accounts for a very large percentage of the ransomware Trojans currently being used to attack computer users. The Tear Dr0p Ransomware and similar threats are designed to take the victims' files hostage by making them useless and then demand a ransom payment from the victim to restore access to the affected files.

It is not Difficult to Know that the Tear Dr0p Ransomware Has Infected a Computer

The Tear Dr0p Ransomware makes the victims' files inaccessible by encrypting them with the AES 256 encryption algorithm. The Tear Dr0p Ransomware targets the user-generated files, while avoiding the Windows system files and applications. The following are some of the file types that are typically encrypted by attacks like the Tear Dr0p Ransomware's:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The Tear Dr0p Ransomware will append the file extension '.teardr0p' to the end of each encrypted file's name, making it easy to know which files have been encrypted by the Tear Dr0p Ransomware attack.

The Tear Dr0p Ransomware’s Ransom Note and Demand

The Tear Dr0p Ransomware will deliver its ransom note after encrypting the victim's files. However, although most ransomware Trojans based on HiddenTear will limit their ransom note to a text file delivered to the victim's machine, the Tear Dr0p Ransomware's ransom note is somewhat unconventional. The Tear Dr0p Ransomware uses an audio recording featuring a female, computer-generated voice that reads the Tear Dr0p Ransomware's ransom note. This note is delivered in a program note with the name 'TEAR DROP V1' and the following text message (which is read out loud in the audio file):

'Your files have been encrypted with AES, using 256 bit private key

You're really unlucky ):
You have been infected with "TEAR DR0P" ransomware, oh no I've encrypted your files!
First of all DO NOT remove the " .teardr0p" from the files! This tells the decryptor what files to decrypt!

Fear not, this isn't one of those "pay to unlock" ransomware, you just have to pass the "test"

You can do one (or more) of the following)
1: Pass the "test" and I'll decrypt your files!
2: Crack the program and find the decryption key!
3: Remove "Tear Dr0p.exe" from your App Data folder (You won't get your encrypted files back though)'

The Tear Dr0p Ransomware's curious ransom note includes a puzzle with Roman numerals. The Tear Dr0p Ransomware's encryption method has been cracked, and there are ways for computer users to restore their files after an attack. This is not common; in most cases, the victims' files will be completely unrecoverable. Because of this, the best protection against the Tear Dr0p Ransomware and similar threats is to have file backups. If you have backup copies of your files stored on the cloud or an external memory device, then you can recover from a Tear Dr0p Ransomware attack without having to deal with the people responsible for the attack.

Registry Details

Tear Dr0p Ransomware may create the following registry entry or registry entries:
Regexp file mask: %APPDATA%\Tear Dr0p.exe
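
A read-only triage check built from the two indicators described on this page, the '.teardr0p' suffix and the %APPDATA%\Tear Dr0p.exe file mask. It is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".teardr0p"            # extension the page says is appended
DROPPER_NAME = "Tear Dr0p.exe"  # file name from the page's %APPDATA% mask


def find_marked_files(root):
    """Return (encrypted_path, original_name) for files ending in MARKER."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            # Case-insensitive match: Windows file systems ignore case.
            if name.lower().endswith(MARKER) and len(name) > len(MARKER):
                hits.append((Path(dirpath) / name, name[:-len(MARKER)]))
    return hits


def summarize(hits):
    """Count affected files by their original extension."""
    return Counter(Path(orig).suffix.lower() or "(none)" for _, orig in hits)


def dropper_present(appdata):
    """True if the executable named on the page exists in the given folder."""
    return bool(appdata) and (Path(appdata) / DROPPER_NAME).is_file()


def triage(root, appdata):
    """Combine both indicators into one report; nothing is modified on disk."""
    hits = find_marked_files(root)
    return {"dropper": dropper_present(appdata),
            "count": len(hits),
            "by_type": dict(summarize(hits)),
            "files": [str(p) for p, _ in hits]}


if __name__ == "__main__":
    # Constructed sample tree, so the example runs offline on any OS.
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp, "Documents")
        docs.mkdir()
        for n in ("report.docx.teardr0p", "photo.JPG.TEARDR0P", "notes.txt"):
            (docs / n).write_bytes(b"sample")
        Path(tmp, DROPPER_NAME).write_bytes(b"sample")
        print(triage(docs, tmp))
```

On a Windows host, call `triage` with the user profile directory as `root` and `os.environ.get("APPDATA")` as `appdata`; the per-type counts show which backups need to be restored.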
