TASI Ransomware. How to decrypt .tasi files?

If you can’t open your images, documents, or files and have a TASI extension, your computer is infected with “STOP Djvu” ransomware.

Tasi ransomware encrypts personal documents found on the victim’s computer with the extension “.tasi” and then displays a message offering to decrypt the data if a payment is made in bitcoins. The instructions are placed on the victim’s desktop in the “_readme.txt” file. Its activity is basically similar to other representatives of the same family: Djvu, Maak, Loov.

What is Tasi Ransomware?

NameTasi Virus
Ransomware family1DJVU/STOP2 ransomware
Extension.tasi
Ransomware note_readme.txt
RansomFrom $490 to $980
Contactmanager@mailtemp.ch, helprestoremanager@airmail.cc
SymptomsThe images, videos, and other documents have the “.tasi” extension and cannot be opened by any programs
Fix Tool Trojan Killer – ransomware infections tool. 14-day free trial.

Tasi is file-encrypting ransomware that restricts access to data (documents, images, videos) by encrypting files with the “.tasi” extension. He then tries to extort money from the victims, demanding a “ransom” in the Bitcoin cryptocurrency in exchange for access to the data. The AES-256 or RSA-1028 cipher it uses to encrypt the files is not decryptable with contemporary computers. Even quantum PCs that currently exist will spend thousands of years to find the decryption key.

How dangerous is the Tasi ransomware?

When you first get infected with Tasi ransomware, it will scan your computer for images, videos, and meaningful work documents and files such as .doc, .docx, .xls, .pdf. When these files are found, the ransomware will encrypt them and change their extension to “.tasi” so that you can no longer open them.

After the Tasi ransomware encrypts the files on your computer, it will display a “_readme.txt” file containing a ransom note and instructions on how to contact the ransomware authors. Victims of this ransomware will be asked to contact the cybercriminals at helprestoremanager@airmail.cc and manager@mailtemp.ch.

Here is the ransom note that the Tasi ransomware will show to its victims:

ATTENTION!

Don’t worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-fhnNOAYC8Z
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
manager@mailtemp.ch

Reserve e-mail address to contact us:
helprestoremanager@airmail.cc

How did the Tasi ransomware get on my computer?

The Tasi ransomware spreads by posting links to download hacked programs or games. They keep their eye on all hype themes which can be used to spread ransomware. New games releases, new popular films – Tasi developers make everything to get their victims on that. One of the most popular tactics these crooks use is one-day sites with torrent downloading links. Nonetheless, following the modern trends is not the single way these crooks use. Methods that have already become classic, such as email spamming, are also usual for STOP/Djvu ransomware distribution.

Malicious email spam
The example of email spamming that may lead to Tasi ransomware injection

Avoiding this ransomware does not require a lot of effort. Following the regular rules of computer hygiene will significantly decrease all risks. Remember that opening all files you receive on email is not a good idea. Even worse case is to allow macros in Microsoft Office files. But it is better to prevent the malware attack at the moment when you have just opened the email message. Checking the sender’s address can say a lot about what you can expect, and when you see the thing like “support@amazon.com” – it is likely a legitimate email. Meanwhile, stuff that tries to look like Amazon or FedEx delivery notification, but uses the email address of “amazonspurrot1363@gmail.com” – must make you be on the alarm. Above, you can see the example of such a message.

Outlaw sources of different digital things require some additional explanation. Going against copyright law already throws you to the risk of being fined. However, using torrent trackers or third-party sites to download “free” programs also exposes you to different malware. No one can control anonymous people who start the torrent seeding or publish the hacked program version on the site with pirated software.

Tasi virus removal instructions.

Download Trojan Killer Portable

Trojan Killer Portable Download

By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use.

This guide below shows how to use Trojan Killer Portable3 for Tasi virus detection and removal:

  • STEP 1. Download and install Trojan Killer.

  • STEP 2. Click on "Finish".

  • STEP 3. Wait until necessary updates are downloaded and installed.

  • STEP 4. Select computer scan type.

  • STEP 5. The software will begin scanning your computer.

  • STEP 6. Click on "Cure PC".

Restore the files encrypted by the Tasi ransomware

In most cases, it’s impossible to recover the files encrypted by the Tasi ransomware because the private key needed to unlock the encrypted files is only available through cybercriminals. However, we’ve listed one option you can use to recover your files below.

Warning! Make sure you remove the ransomware from your system first, otherwise, it will repeatedly encrypt your files.

If your files were encrypted with an offline key, there is a chance you can recover them by using Emsisoft Decryptor for the STOP/Djvu decryption tool. Follow the below guide to recover your files using the Emsisoft Decryptor for STOP/Djvu.

  1. You can download Emsisoft Decryptor for STOP Djvu by clicking this link.
  2. When the decryptor has finished downloading, double-click on “decrypt_STOPDjvu.exe” to run this program on your computer.
  3. Click the “Decrypt” button to start the decryption process for Tasi files. The screen will switch to a status view, informing you about your files’ current process and decryption status.
  4. The decryptor will inform you once the decryption process will be finished. If you require the report for your records, you can save it by clicking the “Save log” button.

If the Emsisoft Decryptor can’t decrypt your .tasi files and you do not plan on paying the ransom, it is advised that you make an image of the encrypted drives so that you can decrypt them in the future.

Your computer should now be free of the Tasi ransomware infection. However, suppose your current antivirus allowed this malicious program on your computer. In that case, you might want to consider purchasing the full-featured version of Trojan Killer to protect against these types of threats in the future.

TASI Ransomware — How To Remove Virus & Decrypt Files?

Name: TASI Virus

Description: TASI Virus is a STOP/DJVU family of ransomware-type virus. It encrypts files, video, photos, documents. Encrypted files can be tracked by a specific tasi extension. TASI ransomware asks victims for a ransom fee about $490 - $980 in Bitcoin.

Offer price: 480

Currency: $

Operating System: Windows

Application Category: Virus

Sending
User Review
4.09 (11 votes)
Comments Rating 0 (0 reviews)
  1. My files are encrypted by ransomware, what should I do now?
  2. About DJVU (STOP) Ransomware: https://gridinsoft.com/ransomware/djvu
  3. More about Trojan Killer: https://gridinsoft.com/trojankiller

Leave a Comment

Sending

About William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several months after I have got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after being graduated from the school. This French educational institution was offering a brand-new cybersecurity course. After getting the master's degree in cybersecurity, I've started working as a virus analyst in a little anti-malware vendor.