TISAK Virus 🔐 (.TISAK Files) — How to Remove?

by Brendan Smith
December 28, 2023

The Tisak virus belongs to the ransomware type of malicious agent. A harmful program of this type encrypts all user’s data on the computer (photos, documents, excel tables, music, videos, etc) and appends its own extension to every file, leaving the Tisak_Help.txt text files in each directory which contains the encrypted files.

Tisak virus: what is known so far?

Tisak will append its own .Tisak extension to every file’s name. For instance, an image named “photo.jpg” will be renamed to “photo.jpg.Tisak”. Just like the Excel table named “table.xlsx” will end up as “table.xlsx.Tisak”, and so forth.

In each directory containing the encoded files, a Tisak_Help.txt text file will appear. It is a ransom money memo. Therein you can find information about the ways of contacting the racketeers and some other remarks. The ransom note usually contains instructions on how to buy the decryption tool from the racketeers. You can get this decrypting software after contacting [email protected] by email. That is it.

Tisak Summary:

Name Tisak Virus
Extension .Tisak
Ransomware note Tisak_Help.txt
Contact [email protected]
Detection TrojanDownloader:Win32/Dalexis, Win32/GenCBL.DKX, Virlock.Ransom.FileInfector.DDS
Symptoms Your files (photos, videos, documents) get a .Tisak extension and you can’t open them.
Fix Tool See If Your System Has Been Affected by Tisak virus

The Tisak_Help.txt file coming in package with the Tisak malware provides the following frustrating information:

Your Network and your ESXI servers has been Encrypted by Tisak Ransomware V3.0

Your machine Id : 6C4E6C0DD6CD8727

Contact us:
Email 1 : [email protected]
Email 2 : [email protected]

This is our communication emails :
use above ID as the title of your email

Your ESXI machine which encrypted by our Dedicated Esxi-Ransomware:
a51-esx-01
a51-esx-02
a51-esx-03
a51-esx-04
a51-esx-05
a51-esx-09
a51-esx-10
a51-esx-11
a51-esx-12
and some others by windows Versions

Your ESXI encrypted By our Uniq Linux ransomware
and also after payment you will get ESXI decryptor compatible

If you don\'t pay the ransom, the data will be published on our TOR darknet sites.
Keep in mind that once your data appears on our leak site, it could be bought by your competitors at any second
so don\'t hesitate for a long time.
The sooner you pay the ransom, the sooner your company will be safe.

To confirm our honest intentions.Send 2 different random files and you will get it decrypted.
It can be from different computers on your network to be sure that one key decrypts everything.
2 files we unlock for free

You will receive btc address for payment in the reply letter

Tisak

In the image below, you can see what a directory with files encrypted by the Tisak looks like. Each filename has the “.Tisak” extension added to it.

Tisak Virus - encrypted .Tisak files

That is how encrypted “.Tisak” files look.

How did my machine catch Tisak ransomware?

There are many possible ways of ransomware infiltration.

Nowadays, there are three most popular methods for malefactors to have ransomware working in your digital environment. These are email spam, Trojan infiltration and peer-to-peer file transfer.

  • Another option for ransom hunters is a Trojan virus scheme. A Trojan is an object that infiltrates into your computer pretending to be something legal. For example, you download an installer for some program you need or an update for some service. However, what is unpacked reveals itself a harmful agent that encrypts your data. Since the update wizard can have any name and any icon, you’d better be sure that you can trust the resource of the things you’re downloading. The best thing is to trust the software developers’ official websites.
  • As for the peer-to-peer networks like torrent trackers or eMule, the threat is that they are even more trust-based than the rest of the Internet. You can never know what you download until you get it. Our suggestion is that you use trustworthy websites. Also, it is reasonable to scan the directory containing the downloaded objects with the anti-malware utility as soon as the downloading is done.

How to remove ransomware?

It is important to inform you that besides encrypting your files, the Tisak virus will most likely install Vidar Stealer on your computer to get access to credentials to different accounts (including cryptocurrency wallets). That program can derive your logins and passwords from your browser’s auto-filling data.

How to avert ransomware injection?

Tisak ransomware doesn’t have a superpower, neither does any similar malware.

You can protect your PC from its infiltration in several easy steps:

  • Never open any emails from unknown mailboxes with unknown addresses, or with content that has nothing to do with something you are waiting for (can you win in a lottery without participating in it?). If the email subject is more or less something you are expecting, scrutinize all elements of the questionable email carefully. A hoax letter will surely have a mistake.
  • Avoid using cracked or untrusted programs. Trojan viruses are often shared as an element of cracked products, possibly as a “patch” which prevents the license check. But potentially dangerous programs are very hard to tell from reliable software, as trojans may also have the functionality you need. You can try to find information about this program on the anti-malware message boards, but the optimal solution is not to use such software.

Frequently Asked Questions

🤔 How can I open “.Tisak” files?Is it possible to open“.Tisak” files?

There’s no way to do it, unless the files “.Tisak” files are decrypted.

🤔 The encrypted files are very important to me. How can I decrypt them quickly?

Hopefully, you have made a copy of those important files. In case you haven’t, there is still a chance that you do have a Restore Point from some time ago to roll back the whole system to the moment when it had no virus yet, but already had your files. The rest of the methods require patience.

🤔 What should I do if the Tisak ransomware has blocked my PC and I can’t get the activation key.

🤔 What could help the situation right now?

Some of the blocked files can be located elsewhere.

  • If you exchanged your important files by email, you could still download them from your online mail server.
  • You may have shared images or videos with your friends or family members. Simply ask them to post those pictures back to you.
  • If you have initially downloaded any of your files from the Internet, you can try doing it again.
  • Your messengers, social networks pages, and cloud disks might have all those files too.
  • It might be that you still have the needed files on your old computer, a portable device, phone, external storage, etc.

USEFUL TIP: You can use data recovery programs1 to retrieve your lost information since ransomware encodes the copies of your files, removing the original ones. In the video below, you can learn how to use PhotoRec for such a restoration, but be advised: you won’t be able to do it before you kill the virus with an anti-malware program.

I need your help to share this article.

It is your turn to help other people. I have written this article to help users like you. You can use the buttons below to share this on your favorite social media Facebook, Twitter, or Reddit.
Brendan Smith

References

  1. Here are Top 10 Data Recovery Software Of 2023.

About the author

Brendan Smith

Cybersecurity analyst covering malware families, suspicious files, and detection alerts. Brendan focuses on clear explanations of what a warning means, when it may be a false positive, and which cleanup steps are appropriate.

View all posts

Leave a Comment