Tellyouthepass ransomware is the cryptovirus that locks files using AES-256 and RSA-1024 and marks files with a commonly used appendix .locked

Tellyouthepass ransomware is the cyber threat that alters system files, registry entries and encodes personal photos, documents, and servers or archives. Army-grade encryption algorithms get used to change the original code of the file and make the data useless. When affected files get .locked extension ransom note README.html is delivered to the victim. This file shows the message from virus developers and states that the ransom amount is 0.2 Bitcoin. Victims are encouraged to pay for the alleged decryption key and contact criminals via tellyouthepass@protonmail.com, hence the name of the virus. The relation between Tellyouthepass ransomware virus and other ransomware threats is not confirmed but .locked is the extension used by many other threats. Cryptovirus remains one of the most dangerous cyber threats and paying shouldn't be considered.[1]
| Name | Tellyouthepass ransomware |
|---|---|
| Type | Cryptovirus |
| File marker | .locked |
| Ransom note | README.html |
| File encryption method | AES and RSA |
| Contact email | tellyouthepass@protonmail.com |
| Ransom amount | 0.2 Bitcoin |
| Distribution | Spam email attachments |
| Removal tips | Use reputable anti-malware for Tellyouthepass ransomware removal. Employ optimization tool like FortectIntego for fixing the virus damage |
Tellyouthepass ransomware is the threat that spreads around via spam email attachments and infected files like executables or documents, PDFs.[2] Main executables that contain malicious payload scripts got analyzed. Unfortunately, hello.exe and decrypt32.exe are not recognized by many AV engines. This fact makes malware removal more difficult, but it is still possible.
You need to remove Tellyouthepass ransomware using powerful anti-malware tool, preferably the licensed version with all the detection and removal functions. Antivirus programs have different databases and update them from time to time. Although at the time of writing, the virus cannot be detected by many programs, you can find a reputable tool that works for your device.
Tellyouthepass ransomware is the crypto-extortion based threat, so the demanding message gets delivered immediately after the encryption and reads the following:
I am so sorry ! All your files have been encryptd by RSA-1024 and AES-256 due to a computer security problems.
If you think your data is very important .The only way to decrypt your file is to buy my decrytion tool .
else you can delete your encrypted data or reinstall your system.
Your personid :
Decrytion do as follows:
1. if you not own bitcoin,you can buy it online on some websites. like https://localbitcoins.net/ or https://www.coinbase.com/ .
2. send 0.2 btc to my wallet address 1CLWBxbBKddQTUuhsUsn8izq2crUAgGYZ1.
3. send your btc transfer screenshots and your persionid to my email tellyouthepass@protonmail.com . i will send you decrytion tool.
Tips:
1.don’t rename your file
2.you can try some software to decrytion . but finally you will kown it’s vain .
Anything you want to help . please send mail to my email tellyouthepass@protonmail.com.
Have a nice day .
In most cases, crypto malware like Tellyouthepass ransomware affects system files too. It can add files or disable other functions, run programs or processes. Added registry entries or startup programs affect the machine significantly and disabled security functions keep the ransomware on the system.

For that reason, during automatic Tellyouthepass ransomware removal, you can also benefit from Safe Mode or System Restore features. We have a few more tips for this difficult process below the article. Also, clean the system with FortectIntego and fix virus damage.
Also, note that experts[3] recommend terminating Tellyouthepass ransomware before any data recovery attempts. It is especially crucial when you plan on using data backups from an external device because ransomware may encrypt those files the second you plug in the USB drive to the affected device. Rely on data recovery software, if you have no backups on cloud services or external devices.
A payload dropper that initiates malicious script gets loaded from the infected file attachment
The internet is not a safe place because malicious actors distribute their questionable programs and use various spreading techniques and campaigns. For example, one of the main techniques used to deliver the payload on the targeted system is spam email campaigns.
During such campaigns, emails get delivered to users with file attachments containing infected documents, files or direct download links. Once the executable or word document lands on the computer, the malicious script gets triggered and ransomware payload launched.
To avoid these dangerous cyber infections, you need to pay more attention to emails received on the email box and files attached to the notifications. Also, avoid clicking on the shortened hyperlinks that may show up on the email itself or the PDF attached. Keep the antivirus program on the machine and run a system scan from time to time so threats get blocked.
Delete Tellyouthepass ransomware virus from the machine right now
You need to get the anti-malware program for the proper Tellyouthepass ransomware removal and scan the machine fully. This way you can eliminate all virus damage and fix possible issues with the machine caused by the cyber threat.
Remove Tellyouthepass ransomware first before any data restoring attempts because you can lose your files or damage them permanently. Clean the system with FortectIntego, SpyHunterCombo Cleaner, or MalwarebytesMalwarebytes and remove possible intruders that may affect the performance additionally.
Tellyouthepass ransomware virus is not decryptable at the time, since there is no official decryption tool for this version. You still can store encrypted files and wait for the software in the future. However, the virus needs to be deleted before you use the machine again.
Was this guide helpful?
Be the first to comment