Ransomware Research
Tilde Ransomware
Tilde is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on July 1, 2016, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: Simple_Encoder.
Quick Facts
- Ransomware Family
- Tilde
- First Seen
- July 1, 2016
- Known Aliases
- Simple_Encoder
How Tilde Ransomware Works
File Encryption Patterns
Tilde modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..~
Ransom Note and Payment Demands
After encrypting files, Tilde displays ransom notes demanding payment for file recovery:
_RECOVER_INSTRUCTIONS.ini
Ransom message:
notes/_RECOVER_INSTRUCTIONS.ini
Note locations:
EveryFolder
Ransom message:
notes/img.bmp
Note locations:
Desktop
Technical Indicators
Associated Executable Files
The following executable files are associated with Tilde ransomware:
files.exe
passport.exe
test.exe
165f6a9f94265fff_test.exe
Tilde Ransomware.exe
1.exe
encoder_bin.exe
crypt.exe
Elastio Can Help You
Don't let Tilde ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This Tilde ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Tilde.
Last updated: July 30, 2025