The image below provides a visual representation of files with the “tasa” extension: It as well adds this file to the desktop, so the victim will not miss its appearance even without opening folders. For instance, a file named “ 1.jpg” would be altered to “ 1.jpg.tasa” and “ 2.png” to “ 2.png.tasa“.Īfter successful encryption, malware spawns a special text file named “ _readme.txt” and places it in every folder containing the encrypted files. This virus encrypts a wide range of common file types and appends its distinct “.tasa” extension to all files. The Tasa virus bears resemblance to other DJVU ransomware variants such as Jaqw, Jasa, Jaoy, Yytw, Yyza, Popn, and Poaz. This key is the same for all users, which allows for the decryption of files encrypted by the ransomware. If Tasa fails to connect the command and control server (C2) before starting the encryption process, it resorts to using offline keys.Tasa employs a unique key for each victim, with one exception: There were the cases where victims have paid the ransom, only to be denied by the cybercriminals with the decryption key provision. The cybercriminals behind the Tasa virus are not trustworthy. It is important to say that paying off the bill is not a guarantee of the successful recovery of your files. The ransom note provides instructions on how to pay off the bill and often includes threats of data loss or ransom amounts surge if the ransom is not paid within a specified timeframe. Once Tasa malware finishes the encryption, it shows a ransom note to the victim, asking for a ransom payment in exchange for the decryption key. Since Tasa virus uses such a robust encryption method, it becomes pretty difficult, if even possible, to pick the decryption key without cooperating with the attackers. Tasa Ransomware uses Salsa20 encryption algorithms to cipher the files. In all cases, a text file with ransom payment guidances is named as “ _readme.txt“. Then, the ransomware asks for a ransom payment in Bitcoin from its victims, that ranges from $490 to $980, depending on the time passed after the attack. The files touched by ransomware become inaccessible and unusable. ciphered files can be identified by a distinct “. This malware encrypts different file types. The Tasa virus is a malicious program that encrypts your files and makes you pay for their restoration. After that this ransomware asks for a ransom payment – ($490 – $980) in Bitcoin. Its main target is to cipher all of your files it can reach. □ Tasa virus belongs to ransomware that originates from the DJVU/STOP ransomware family.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |