Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Tbhranso Ransomware

The surfacing of Tbhranso Ransomware means that the infamous Hidden Tear Ransomware family has grown again with yet another member. This family has dozens of variants that are based on an open-source project, Hidden Tear, including Cryp70n1c Ransomware and Goofed Ransomware, to mention just two of the most recent threats. This new ransomware infection does not seem to be decryptable by free tools yet, so you are left with the only option offered by your attackers, i.e., to pay the ransom fee to get the decryption password. However, paying this fee always comes with risks. There is no guarantee that you will get the password: technical issues can occur, and the remote server could go offline at any time, which would result in your losing your files anyway. It is also very unlikely that these criminals care about your files enough to send you the decryption password. Your only hope may be to have a backup that you can use after you remove Tbhranso Ransomware from your system. Otherwise, you may have to get used to the fact that you will never be able to use the encrypted files.

Our research indicates that this threat is mostly spread via spamming campaigns. Since we humans are curious by nature, these cyber criminals simply use this trait to attack us. No wonder they succeed so often when sending thousands of spam e-mails at a time. This spam has a file attachment that is usually disguised as a photo or a document but, in reality, it is an executable that will be activated the moment you click to view it. This also means that by the time you realize what is happening and delete Tbhranso Ransomware, it is too late to stop the encryption process. There is no way you can stop this malicious threat once you execute this attachment. This is why you need to be very cautious every time you find a questionable mail either in your spam folder or inbox folder. You should never click to see an attachment when in doubt about the subject or your relation to it or your involvement in it, even if the matter seems real or important (e.g., an unpaid invoice).

Once this ransomware is triggered, the malicious executable is dropped on your system as "%APPDATA%\[2 random characters].exe." This malware infection uses the good old AES algorithm to encrypt all your personal files in the "%USERPROFILE%" directory and its subfolders. The encrypted files get a widely used ".locked" extension, which does not really let you identify the ransomware you have been hit with since it is used by several threats. When the encryption is done, the ransom note text file called "READ_IT.txt" is dropped on your desktop.

This file contains all the information you need to learn about the payment. You have to transfer 100 USD in Bitcoins to a given Bitcoin address and then send an e-mail to "" with the name of your PC. Then, you are supposed to get a reply with the decryption password. We believe that it is highly unlikely that you will get anything from these criminals. But it is your decision to make. Please consider, though, that experience shows that such crooks are more likely to disappear after you send them the ransom fee or even infect you with further dangerous malware programs. We believe that it is important that you remove Tbhranso Ransomware as soon as possible, even if this could mean the loss of your files.

It is not too complicated to eliminate this dangerous threat, but you should remember that this is not equal to recovering your files. In fact, if malware hunters do not come up with a free tool in the near future that could restore your files, you have no chance to decrypt them. Hopefully, you have a backup stored in the cloud or on a removable hard disk, which you can use to restore at least some of your lost files. But you can only do so once you have removed Tbhranso Ransomware from your PC. Please follow our instructions below if you want to take matters into your own hands. However, if you want the most effective defense for your PC regarding possible future attacks too, we suggest that you install a reliable anti-malware program, such as SpyHunter, as soon as possible.

How to remove Tbhranso Ransomware from Windows

  1. Tap Win+E.
  2. Delete these files from your system:
    %APPDATA%\[2 random characters].exe
    %USERPROFILE%\Desktop\READ_IT.txt
  3. Locate and delete the malicious executable you downloaded and launched.
  4. Empty your Recycle Bin and reboot your PC.
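
Before deleting anything, the indicators described above can be confirmed with a read-only scan. The script below is an added example, not part of the original guide; the function name `find_indicators` is hypothetical, and "[2 random characters]" is assumed to mean any two characters.

```python
import os
import re
from pathlib import Path

# Indicators from the description above. "[2 random characters].exe" is
# interpreted as any two characters followed by .exe (an assumption).
DROPPER_RE = re.compile(r".{2}\.exe", re.IGNORECASE)
NOTE_NAME = "READ_IT.txt"
LOCKED_EXT = ".locked"


def find_indicators(appdata, userprofile):
    """Return paths matching the three indicators; nothing is modified or deleted."""
    appdata, userprofile = Path(appdata), Path(userprofile)
    report = {"droppers": [], "notes": [], "locked": []}

    # The dropped executable sits directly in %APPDATA%, not in a subfolder.
    if appdata.is_dir():
        for entry in sorted(appdata.iterdir()):
            if entry.is_file() and DROPPER_RE.fullmatch(entry.name):
                report["droppers"].append(entry)

    # The ransom note is written to the desktop.
    note = userprofile / "Desktop" / NOTE_NAME
    if note.is_file():
        report["notes"].append(note)

    # ".locked" is shared by several threats, so these hits show the scope of
    # the damage but do not identify the family on their own.
    for root, _dirs, files in os.walk(userprofile, onerror=lambda err: None):
        for name in sorted(files):
            if name.lower().endswith(LOCKED_EXT):
                report["locked"].append(Path(root) / name)
    return report


if __name__ == "__main__":
    appdata, profile = os.environ.get("APPDATA"), os.environ.get("USERPROFILE")
    if not (appdata and profile):
        raise SystemExit("APPDATA/USERPROFILE not set; run inside the affected Windows profile")
    for kind, paths in find_indicators(appdata, profile).items():
        print(f"{kind}: {len(paths)}")
        for p in paths[:20]:
            print("   ", p)
```

A two-character .exe in %APPDATA% is a lead to verify (file date, signature, anti-malware scan), not proof by itself; the count of ".locked" files tells you how much needs to be restored from backup.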
