Tuis ransomware is the most recent Djvu/STOP ransomware strain. Tuis ransomware encrypts victims’ files and demands payment to decrypt them. Encrypted files will have .tuis added to them, hence why it’s dubbed Tuis ransomware. Without a decryptor, you won’t be able to open any of the encrypted files. And the only people with access to a decryptor are the malicious actors operating this malware. For it, victims are expected to pay $980.


Tuis ransomware note


As soon as the infection is initiated, it will begin encrypting files. Personal files like photos, videos, and documents are the main targets. A .tuis extension will make it very obvious which files have been encrypted. Unfortunately, you cannot open files with this extension unless you use a decryptor on them first. It won’t be easy to obtain the decryptor, though, as only the malware operators have it. The _readme.txt ransom letter that is dropped in every folder containing encrypted files explains how to purchase it.

Tuis ransomware files

The Tuis ransomware decryptor costs $980, according to the ransom note. You should be skeptical of claims that victims who contact malicious actors within the first 72 hours will receive a 50% discount. Generally speaking, it is not a good idea to engage with cybercriminals or pay the demanded ransom. Even if you pay the ransom, there are no guarantees that you will receive a decryptor. Malware operators are unlikely to feel any obligation to help victims even if they pay them. You should also keep in mind that the money victims pay would be used to fund other malicious activities. And one of the reasons ransomware is so successful is that victims are willing to pay the demanded ransom.

Unfortunately, a free Tuis ransomware decryptor is not yet available to victims without backups. It is difficult for malware researchers to develop a decryptor since ransomware versions from this family use online keys to encrypt files. Online keys mean the keys are unique to each user. A decryptor will not work to decrypt your files unless your specific key is released. The good news is that it’s not impossible that those keys will eventually be released by cyber criminals. It has happened in the past. But until that happens, your only option is to wait.

We should point out that there are many bogus decryptors, so you should be very careful when looking for one. NoMoreRansom is one of the best sources for decryptors, and if you cannot find it there, you won’t find it on a random forum.

As soon as you remove Tuis ransomware from your computer, you can begin recovering files if you have a backup of your data. Because ransomware is a fairly sophisticated infection, you shouldn’t attempt to remove Tuis ransomware manually unless you know exactly what you’re doing. You risk doing more harm by incorrectly removing ransomware. Using anti-virus software is much safer.

Ransomware distribution methods

Users who have bad browsing habits are more likely to infect their computers with malware because they engage in risky online behavior. For example, they’re more likely to open random email attachments that may contain malware, download copyrighted content using torrents, click on random links, etc. Developing better habits can go a long way toward preventing malware infections.

Cybercriminals’ favorite way of spreading malware is via email attachments. For their malicious email campaigns, they buy thousands of email addresses from hacker forums and add infected files to emails. Users initiate the malware when they open those malicious attachments. These emails are typically pretty easy to identify because they’re low-effort. The biggest giveaways are grammar and spelling mistakes. Because malicious senders sometimes pose as representatives of legitimate businesses, the mistakes are very glaring. Legitimate emails rarely contain mistakes since they appear unprofessional.

The use of generic phrases like “User”, “Member”, and “Customer” instead of your name in emails supposedly sent by businesses whose services you use is another red flag that an email could be malicious. Companies always use names when addressing recipients in emails to customers. However, malicious actors typically lack access to personal data, so they use generic words.

If threat actors have access to a target’s personal information and target them directly, the emails may be much more sophisticated. Such emails would address recipients by name, be mostly mistake-free, and contain details that would lend the email more credibility. Therefore, it is strongly encouraged to scan any unsolicited email attachments with anti-virus software or VirusTotal before opening them.

Malware is frequently spread through torrents. Because torrent websites are often poorly moderated, malicious actors can upload torrents with malware in them. If you use torrents, especially to download copyrighted content for free, you have a significantly higher risk of picking up a malware infection. Torrents for entertainment content (mostly movies, TV series, and video games) often contain malware. Downloading copyrighted content using torrents is technically illegal, so it’s not just dangerous for your computer and data.

Tuis ransomware removal

It is highly recommended that you use anti-virus software to remove Tuis ransomware. Because it’s a sophisticated malware infection, its removal should be left to a professional program. You run the risk of damaging your computer even more if you attempt to manually delete Tuis ransomware. You can start restoring files from your backup once the anti-virus tool has removed the ransomware completely.

The free Djvu/STOP ransomware decryptor from Emsisoft is worth a try if you don’t have a backup of your files. It’s not very likely to work because it only works on ransomware whose encryption keys Emsisoft has, but it’s worth a try. If it does not work, your only option is to wait for a free Tuis ransomware decryptor. As we’ve said above, it’s not certain when a free Tuis ransomware decryptor will be released but that may be your only option. If it does get released eventually, it would be posted on NoMoreRansom.

Tuis ransomware is detected as:

  • Win32:PWSX-gen [Trj] by Avast/AVG
  • UDS: DangerousObject.Multi.Generic by Kaspersky
  • Trojan.MalPack.GS by Malwarebytes
  • Trojan:Win32/Sabsik.FL.B!ml by Microsoft
  • GenericRXUK-VO!CFED86651A41 by McAfee
  • A Variant Of Win32/GenKryptik.GBEX by ESET
  • Gen:Variant.Mikey.141749 by BitDefender


Tuis ransomware detections

Quick Menu

Step 1. Delete Tuis ransomware using Safe Mode with Networking.

Remove Tuis ransomware from Windows 7/Windows Vista/Windows XP
  1. Click on Start and select Shutdown.
  2. Choose Restart and click OK. Windows 7 - restart
  3. Start tapping F8 when your PC starts loading.
  4. Under Advanced Boot Options, choose Safe Mode with Networking. Remove Tuis ransomware - boot options
  5. Open your browser and download the anti-malware utility.
  6. Use the utility to remove Tuis ransomware
Remove Tuis ransomware from Windows 8/Windows 10
  1. On the Windows login screen, press the Power button.
  2. Tap and hold Shift and select Restart. Windows 10 - restart
  3. Go to Troubleshoot → Advanced options → Start Settings.
  4. Choose Enable Safe Mode or Safe Mode with Networking under Startup Settings. Win 10 Boot Options
  5. Click Restart.
  6. Open your web browser and download the malware remover.
  7. Use the software to delete Tuis ransomware

Step 2. Restore Your Files using System Restore

Delete Tuis ransomware from Windows 7/Windows Vista/Windows XP
  1. Click Start and choose Shutdown.
  2. Select Restart and OK Windows 7 - restart
  3. When your PC starts loading, press F8 repeatedly to open Advanced Boot Options
  4. Choose Command Prompt from the list. Windows boot menu - command prompt
  5. Type in cd restore and tap Enter. Uninstall Tuis ransomware - command prompt restore
  6. Type in rstrui.exe and press Enter. Delete Tuis ransomware - command prompt restore execute
  7. Click Next in the new window and select the restore point prior to the infection. Tuis ransomware - restore point
  8. Click Next again and click Yes to begin the system restore. Tuis ransomware removal - restore message
Delete Tuis ransomware from Windows 8/Windows 10
  1. Click the Power button on the Windows login screen.
  2. Press and hold Shift and click Restart. Windows 10 - restart
  3. Choose Troubleshoot and go to Advanced options.
  4. Select Command Prompt and click Restart. Win 10 command prompt
  5. In Command Prompt, input cd restore and tap Enter. Uninstall Tuis ransomware - command prompt restore
  6. Type in rstrui.exe and tap Enter again. Delete Tuis ransomware - command prompt restore execute
  7. Click Next in the new System Restore window. Get rid of Tuis ransomware - restore init
  8. Choose the restore point prior to the infection. Tuis ransomware - restore point
  9. Click Next and then click Yes to restore your system. Tuis ransomware removal - restore message


More information about WiperSoft and Uninstall Instructions. Please review WiperSoft EULA and Privacy Policy. WiperSoft scanner is free. If it detects a malware, purchase its full version to remove it.

  • wipersoft

    WiperSoft Review Details WiperSoft ( is a security tool that provides real-time security from potential threats. Nowadays, many users tend to download free software from the Intern ...

  • mackeeper

    Is MacKeeper a virus? MacKeeper is not a virus, nor is it a scam. While there are various opinions about the program on the Internet, a lot of the people who so notoriously hate the program have neve ...

  • malwarebytes-logo2

    While the creators of MalwareBytes anti-malware have not been in this business for long time, they make up for it with their enthusiastic approach. Statistic from such websites like CNET shows that th ...


Site Disclaimer is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.

The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the artcile will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.

Leave a Reply