If you cannot open your pics, documents, or files and see the .tuis extension on them, your computer is definitely infected with Tuis ransomware. It belongs to the STOP/Djvu ransomware group
Tuis ransomware encrypts personal documents located on the victim’s computer with the extension “.tuis” and then generates the ransom note in each folder that contains encrypted files. The instructions are put on the victim’s PC in the “readme.txt” file. Its activity is generally comparable to other samples of the same ransomware family: Tury, Powz, Pohj.
What is Tuis Ransomware?
Name | Tuis Virus |
Ransomware family1 | DJVU/STOP2 ransomware |
Extension | .tuis |
Ransomware note | _readme.txt |
Ransom | From $490 to $980 |
Contact | support@fishmail.top, datarestorehelp@airmail.cc |
Symptoms | The images, videos, and other documents have the “.tuis” extension and cannot be opened by any programs |
Fix Tool | Trojan Killer – ransomware infections tool. 14-day free trial. |
Tuis is file-encrypting ransomware that prevents access to your text files, Excel tables, videos, and pictures by ciphering them. It marks the ciphered files with the “.tuis” extension. Then Tuis ransomware adds a ransom note (readme.txt) to each folder. In it, you can see the instructions to pay the ransom ($490-$980 in Bitcoin) to a specified BTC wallet. The AES-256 or RSA-1028 cipher it utilizes to encrypt the files is not decryptable with modern computers. Even quantum PCs that currently exist will likely spend hundreds of years to find the decryption key.
How dangerous is the Tuis ransomware?
When Tuis ransomware gets into your system, it will examine your system for photos, videos, and also important documents. It encrypt] all widespread file formats- .psd, .doc, .docx, .xls, .xlsx, .pdf, .jpeg, .png, et cetera. When these files are located, the ransomware will encrypt them and also change their extension to “.tuis” to ensure that you understand what happened.
After the Tuis ransomware encrypts the files on your computer, it will drop the last “readme.txt” file on the main screen. In addition to the ransom transaction instructions, the victims also see the emails to contact the fraudsters – datarestorehelp@airmail.cc and support@fishmail.top.
Here is the money ransom note that the Tuis ransomware shows to its victims:
ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-fhnNOAYC8Z
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail:
support@fishmail.top
Reserve e-mail address to contact us:
datarestorehelp@airmail.cc
How did the Tuis ransomware get on my computer?
The Tuis ransomware spreads by placing links to download hacked programs or games. Cybercriminals distributing this ransomware are remarkably foxy and aim to keep in touch with current trends. New games introductions, new popular films – Tuis developers make whatever to get their victims on that. One-day websites with torrent download links are some of the most popular strategies these burglars apply. Nevertheless, using contemporary news is not the single manner these burglars utilize. Ways that have already turned into the standard, such as email spamming, are also normal for STOP/Djvu ransomware distribution.

The example of email spamming that may lead to Tuis ransomware injection
Preventing this ransomware does not need a lot of initiative. Adhering to the regular rules of PC hygiene will noticeably minimize all dangers. Keep in mind that starting all files you receive by e-mail is not a good idea. An even worse scenario is to enable macros in Microsoft Office documents. However, it is better to stop the malware intrusion at the moment when you have just opened the e-mail message. Examining the sender’s address can say a lot about what you can anticipate and when you see things like “support@amazon.com,”– it is likely a legitimate email. On the other hand, stuff that tries to look similar to Amazon or FedEx shipment notification but uses the email address “amazonspurrot1363@gmail.com”– should make you be on the alarm. Above, you can see an example of such a message.
Illegal sources of various digital things require some extra explanation. Violating copyright regulation surely throws you to risk of being fined. Nevertheless, torrent trackers or third-party sites to download “free” programs also exposes you to various malware. No one can regulate anonymous people who start torrent seeding or release the hacked program version on the website with pirated programs.
Tuis virus removal instructions.
Download Trojan Killer Portable |
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. |
This guide below shows how to use Trojan Killer Portable3 for Tuis virus detection and removal:
STEP 1. Download and install Trojan Killer.
STEP 2. Click on "Finish".
STEP 3. Wait until necessary updates are downloaded and installed.
STEP 4. Select computer scan type.
STEP 5. The software will begin scanning your computer.
STEP 6. Click on "Cure PC".
Restore the files encrypted by the Tuis ransomware
In most cases, it’s impossible to recover the files encrypted by the Tuis ransomware because the private key needed to unlock the encrypted files is only available through cybercriminals. However, we’ve listed one option you can use to recover your files below.
Warning! Make sure you remove the ransomware from your system first, otherwise, it will repeatedly encrypt your files.
If your files were encrypted with an offline key, there is a chance you can recover them by using Emsisoft Decryptor for the STOP/Djvu decryption tool. Follow the below guide to recover your files using the Emsisoft Decryptor for STOP/Djvu.
- You can download Emsisoft Decryptor for STOP Djvu by clicking this link.
- When the decryptor has finished downloading, double-click on “decrypt_STOPDjvu.exe” to run this program on your computer.
- Click the “Decrypt” button to start the decryption process for Tuis files. The screen will switch to a status view, informing you about your files’ current process and decryption status.
- The decryptor will inform you once the decryption process is finished. If you require the report for your records, you can save it by clicking the “Save log” button.
If the Emsisoft Decryptor can’t decrypt your .tuis files and you do not plan on paying the ransom, it is advised that you make an image of the encrypted drives so that you can decrypt them in the future.
Your computer should now be free of the Tuis ransomware infection. However, suppose your current antivirus allowed this malicious program on your computer. In that case, you might want to consider purchasing the full-featured version of Trojan Killer to protect against these types of threats in the future.
TUIS Ransomware — How To Remove Virus & Decrypt Files?
User Review
( votes)- My files are encrypted by ransomware, what should I do now?
- About DJVU (STOP) Ransomware: https://gridinsoft.com/ransomware/djvu
- More about Trojan Killer: https://gridinsoft.com/trojankiller