TOMLE ransomware is designed to encrypt your personal files and personal documents. TOMLE ransomware requests bitcoin cryptocurrency to recover the encrypted files. The ransom charge varies from different versions of the TOMLE ransomware.
TOMLE ransomware encrypts files on your computer and adds a string of unique characters to the extension of the encrypted files. For example, image.jpg becomes image.jpg.TOMLE
The decrypt text-file with instructions is placed on the Windows desktop: DECRYPT-FILES.txt
In most cases, it is not possible to recover the files encrypted by TOMLE ransomware without the intervention of the Ransomware developers.
The only way to recover files infected by TOMLE ransomware is to pay the ransomware developers. Sometimes it is possible to recover your files but this is only possible when the ransomware developers made a flaw in their encryption software, which unfortunately doesn’t occur frequently.
I do not recommend paying for the TOMLE ransomware, instead, make sure you have a valid FULL back-up of Windows and restore it immediately.
Having said that there are no tools at this moment to restore your encrypted personal files or documents that are encrypted by the TOMLE ransomware. Although you might want to try to restore encrypted files. In more sophisticated ransomware the decryption key used to recover your files is server-side meaning the decryption key is only available from the ransomware developers. In order to remove the file that downloaded the ransomware files to your computer, you can remove the TOMLE ransomware file with Malwarebytes. Malwarebytes instructions to remove TOMLE ransomware files can be found in this instruction.
Try to decrypt files using online tools
You can try to restore your encrypted files using the ID Ransomware decrypt tools. In order, to proceed you need to upload one of the encrypted files and identify the ransomware that infected your computer and encrypted your files.
If a TOMLE ransomware decryption tool is available on the NoMoreRansom site, the decryption information will show you how to proceed. Unfortunately, this almost never works out. Worth the try.
Note: Malwarebytes will not restore or recover your encrypted files, it does, however, remove the TOMLE virus file that infected your computer with the TOMLE ransomware and downloaded the ransomware file to your computer, this is known as the payload file.
It is important to remove the ransomware file if you are not reinstalling Windows, by doing so you will prevent your computer from another ransomware infection.
Once completed, review the TOMLE ransomware detections.
Click Quarantine to continue.
Reboot Windows after all the detections are moved to quarantine.
You have now successfully removed TOMLE Ransomware file from your device.
Remove malware with Sophos HitmanPRO
In this second malware removal step, we will start a second scan to make sure there are no malware remnants left on your computer. HitmanPRO is a cloud scanner that scans every active file for malicious activity on your computer and sends it to the Sophos cloud for detection. In the Sophos cloud both Bitdefender antivirus and Kaspersky antivirus scan the file for malicious activities.
