
Tyrant Ransomware

Posted: October 17, 2017

The Tyrant Ransomware is a Trojan with code borrowed from DUMB, a proof-of-concept program that includes file-locking features. The threat may automatically block your media, including pictures, movies, music, and documents, change their names, and display pop-ups asking you to pay to unblock them. Since this family has traditionally been highly decryptable, malware analysts suggest uninstalling the Tyrant Ransomware with the anti-malware product of your preferred brand and then using free decryption software or backups, instead of paying the Tyrant Ransomware's ransom.

DUMB as a Trojan May Still Be Smarter than Your Data Security

The open-source DUMB program is becoming a recurring name among threat actors who want to extort money from PC owners based in the Middle East. Since the Turkish Trojan identified as the Ramsomeer Ransomware, malware experts have found relatively few DUMB-based threats, but a new one is only just becoming identifiable in meaningful quantities: the Tyrant Ransomware. While it uses data-locking attacks and ransom demands, similarly to the AnDROid Ransomware and the Ramsomeer Ransomware, this third Trojan targets Persian or Farsi speakers in nations like Iran.

The Tyrant Ransomware uses AES-based encryption, rather than the previous XOR, to block different files on an infected computer, typically targeting content such as documents, spreadsheets, pictures, databases or archives. The Tyrant Ransomware may or may not include additional, cosmetic features for modifying the names of the locked data, including inserting new extensions. With the files locked to give the user an incentive to pay its fee, the Tyrant Ransomware creates a ransom note.

Unlike past variations of DUMB, the Tyrant Ransomware doesn't drop any English-language messages for its victims. The Tyrant Ransomware loads its ransom instructions via an HTA-based pop-up window that asks, in Farsi, for the equivalent of fifteen USD within one day. The Tyrant Ransomware also provides a countdown showing the time remaining before its threat actor raises the price of the decryption software that could, in theory, decode and restore the files.

Overthrowing Digital Tyranny on a Small Scale

Although malware experts do categorize the Tyrant Ransomware as a direct threat to any saved data on an infected system, its encoding feature isn't necessarily as secure as those of most Ransomware-as-a-Service families. Decryption solutions are compatible with some of the past variations of file-locking threats using DUMB's code, although confirmation for the Tyrant Ransomware is ongoing. Victims who can't restore backups to retrieve any locked media should contact an experienced cyber security researcher for help with identifying potential decryption methods for the Tyrant Ransomware.

The Tyrant Ransomware bears a surprisingly minor ransom demand, which threat actors often utilize only against random targets, rather than manually chosen business or government entities. Randomly distributed Trojans can be seeded through mislabeled torrents, hosted on fake media download-themed websites, or installed by drive-by downloads from corrupted browser advertisements. Most anti-malware programs include different defenses against all of these infection methods and should eliminate the Tyrant Ransomware before it finishes installing.

Trojans specific to single countries, particularly ones with file-locking payloads, are a minority among the threats that malware analysts see from day to day. The Tyrant Ransomware's choice of language may hint at its preferred infection tactics but, at the same time, offers no real protection from its attacks to systems using English, Chinese or other settings.
