Ransomware TellYouThePass

The TellYouThePass ransomware is a Trojan written in the Java and .Net languages, but in more recent attacks the Go language has been used.

The common form of invasion used by the group is through email attachments, usually as Microsoft Word files.

After the file is downloaded, the ransomware is installed and preparations for encryption are initiated. All programs that could prevent the encryption are disabled, and after that the encryption is started.

After making the files inaccessible by encryption, the extension ‘.locked’ is added to the files. TellYouThePass is intended for large files such as: media, images, databases, PDFs, Word documents, and others.

After encryption is completed, an HTML file called ‘README.html’ is created and opened in a web browser.

Inside the file a ransom note is left, in which the criminals explain that the victim’s files have been encrypted in RSA-1024 and AES-256, and that the way to get the files back is by paying the ransom.

Which is not true, because, there are companies like Digital Recovery that are able to recover encrypted files for the ransomware, even without the decryption key.

In that ransom note, the email address of the group is left for the victim to contact the group, this is another tactic used by criminals to pressure the victim into paying the ransom.

It is important to note that there is no guarantee that the decryption key will be released after the ransom is paid, the victim needs to trust only the criminal’s word. All government authorities completely discourage paying the ransom.

Recover Files Encrypted by TellYouThePass Ransomware

Digital Recovery specializes in recovering encrypted data through ransomware of any length and on any storage device, be it hard drives, SSDs, databases, virtual machines, warehouses, RAID systems and others.

All our processes are unique and have been developed by our experts.

We have the technology to remotely retrieve data from anywhere in the world, in a fully controlled and secure environment.

All project information is confidential, we provide the confidentiality agreement (NDA) to ensure this.

In cases of high urgency, we set up emergency mode recovery, where our labs work 24×7 to get the recovery done as fast as possible.

Contact our experts and start the recovery process now.

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Recuperar memoria flash

What is Flash Memory?

Since its invention in the 1980s, Flash memory has revolutionized digital data storage. Essential for mobile devices, digital cameras, storage units and more, it combines


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.

Discover the invisible vulnerabilities in your IT – with the 4D Pentest from Digital Recovery