Tizer78224 Ransomware
The Tizer78224 Ransomware is an encryption ransomware Trojan that was first observed on May 13, 2018. The Tizer78224 Ransomware is distributed through the use of spam email messages commonly. The victims will receive a corrupted email message that includes a file attachment in the form of a DOCX file with embedded macro scripts that download and install the Tizer78224 Ransomware onto the victim's computer. The Tizer78224 Ransomware also may be delivered through unsafe links and pages compromised by criminals to deliver threats to visitors. The Tizer78224 Ransomware is a variant of a ransomware Trojan observed in April 2017, known as the RSAUtil Ransomware. It is essential to take steps to protect your data from threats like the Tizer78224 Ransomware, which are becoming more common increasingly as the code for these threats becomes more widely available to criminals looking to carry out these attacks.
Table of Contents
The Tizer78224 Ransomware has Many Variants
Since the first variants of the Tizer78224 Ransomware were released, PC security researchers have observed several updates to the threat, each using different contact email accounts and file extensions to mark the affected files. PC security researchers named the threat Tizer78224 Ransomware because of its association with the email account 'Tizer78224@gmx.de,' used to contact the criminals after the attack is carried out. The Tizer78224 Ransomware attack is simple to understand, and there is very little to differentiate it from the many other encryption ransomware Trojans that have been seen in recent times. The Tizer78224 Ransomware uses a strong encryption algorithm to make the victim's files inaccessible, and then a ransom should be paid in exchange for the decryption key, needed to restore the affected files.
How the Tizer78224 Ransomware Carries out Its Attack
Threats like the Tizer78224 Ransomware will make the victim's files inaccessible with a strong encryption algorithm. The files compromised by the attack are marked with a new file extension. The Tizer78224 Ransomware and its variants will add a file extension that includes a contact email between square parenthesis followed by an ID number. The Tizer78224 Ransomware has been associated with three email accounts specifically: 'Tizer78224@gmx.de,' 'Tizer78224@india.com' and 'Tizer77234@protonmail.com.' Other variants in this ransomware family have been observed to be associated with the email addresses listed below:
fox2278@gmx.de ; fox2278@india.com ; fox2278@protonmail.com
jonskuper578@gmx.de ; jonskuper578@protonmail.com
lion7872@gmx.de ; lion7872@india.com
panda7499@gmx.de ; panda7499@india.com ; panda7499@protonmail.com
vine77725@gmx.de ; vine77725@india.com ; vine77725@protonmail.com
ziz777@india.com ; ziz777@india.com
The Tizer78224 Ransomware and its many variants target the user-generated files in their attacks. We are adding some examples of the file extensions associated with the files that may be compromised by infections like the Tizer78224 Ransomware:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
The Tizer78224 Ransomware delivers a ransom note in the form of a text file named 'How_return_files.txt,' which will be dropped on the victim's desktop. This ransom note asks the victim to contact the criminals via email and carry out a payment using Bitcoins.
Dealing with the Tizer78224 Ransomware
There's no valid reason to paying the Tizer78224 Ransomware ransom or contacting its admins since, in most of the cases, the money will be lost forever. However, having file backup, you will have the simplest way of making your file recoverable. A reliable security program also can prevent the Tizer78224 Ransomware from being installed in the first place.
