Tisak Ransomware
Dubbed the "Tisak Ransomware," ut is a threatening software that encrypts files, rendering them inaccessible to users, and demands a ransom for their release. One of the distinctive features of the Tisak Ransomware is its ability to add the file extension ".Tisak" to the encrypted files. This modification not only signifies the compromised nature of the files but also serves as a clear identifier of the ransomware's presence on the affected system.
Table of Contents
The Ransom Note and Contact Information
Upon successfully encrypting files, the Tisak Ransomware leaves behind a digital calling card in the form of a ransom note named 'Tisak_Help.txt.' This note is designed to instill a sense of urgency and fear in the victim, providing explicit instructions on how to proceed. The ransom note instructs the victim to contact the perpetrators via the email addresses tisak1998@skiff.com and tisak1998@cyberfear.com.
The Verification Process and Unlocking Files
To validate their intentions, the ransom note includes a unique twist. It urges the victim to send two different random files for decryption, emphasizing that they can be sourced from different computers within the network. This approach aims to convince the victims that agreeing with the payment of the ransom will indeed result in the release of their files. The note explicitly states, "2 files we unlock for free," further underscoring the criminals' purported willingness to demonstrate their ability to decrypt the files.
Bitcoin Payment and Consequences of Non-Compliance
In the communication process initiated by the victim, the criminals behind the Tisak Ransomware are expected to provide a Bitcoin address for the payment of the ransom. Bitcoin, being a decentralized and pseudonymous cryptocurrency, is a preferred medium for cybercriminals due to its difficulty to trace.
The ransom note serves as a stark warning of the consequences of non-compliance. Failure to pay the ransom within the stipulated timeframe may result in permanent loss of access to the encrypted files, adding a layer of urgency and pressure on the victim to meet the attackers' demands.
The Tisak Ransomware represents a formidable threat to the digital security landscape, exploiting vulnerabilities in systems and leveraging the fear of data loss to extort victims. As with any ransomware attack, prevention and proactive cybersecurity measures are crucial to mitigating the risks associated with such harmful activities. Staying informed about emerging threats, maintaining up-to-date security software, and regularly backing up essential data are integral components of a robust defense against the growing menace of ransomware.
Victims of the Tisak Ransomware will receive the following ransom note:
'Your Network and your ESXI servers has been Encrypted by Tisak Ransomware V3.0
Your machine Id : 6C4E6C0DD6CD8727
Contact us:
Email 1 : Tisak1998@skiff.com
Email 2 : Tisak1998@cyberfear.com
This is our communication emails :
use above ID as the title of your email
Your ESXI machine which encrypted by our Dedicated Esxi-Ransomware:
a51-esx-01
a51-esx-02
a51-esx-03
a51-esx-04
a51-esx-05
a51-esx-09
a51-esx-10
a51-esx-11
a51-esx-12
and some others by windows Versions
Your ESXI encrypted By our Uniq Linux ransomware
and also after payment you will get ESXI decryptor compatible
If you don't pay the ransom, the data will be published on our TOR darknet sites.
Keep in mind that once your data appears on our leak site, it could be bought by your competitors at any second
so don't hesitate for a long time.
The sooner you pay the ransom, the sooner your company will be safe.
To confirm our honest intentions.Send 2 different random files and you will get it decrypted.
It can be from different computers on your network to be sure that one key decrypts everything.
2 files we unlock for free
You will receive btc address for payment in the reply letter
Tisak'
