Threat Database Ransomware LostTrust Ransomware

LostTrust Ransomware

LostTrust is a specific variant of ransomware that has gained notoriety in the cybersecurity landscape. Its primary objective is to carry out data encryption, rendering the victim's files inaccessible. As part of its encryption process, LostTrust alters file names by appending the '.losttrustencoded' extension to each one. For instance, if a file was originally named '1.jpg,' after being compromised by LostTrust, it would appear as '1.jpg.losttrustencoded.' This naming convention remains consistent as LostTrust encrypts other files, such as '2.png' becoming '2.png.losttrustencoded,' and so on.

Furthermore, LostTrust leaves a digital calling card in the form of a ransom note named '!LostTrustEncoded.txt.' This note serves as a direct communication channel between the attackers and the victim. In this note, the attackers typically demand a ransom for the decryption key or tool needed to regain access to the encrypted files.

LostTrust Ransomware Uses Double-Extortion Tactics

The included note in the ransomware attack communication carries several critical points. It begins by asserting that the attackers have obtained a substantial amount of vital data from the victim's network. To demonstrate their control and willingness to cooperate, the attackers offer to provide a detailed list of the compromised files upon the victim's request. Additionally, they apparently offer to decrypt a limited number of files for free, as long as each file doesn't exceed 5 megabytes in size.

However, it also outlines potential consequences for non-cooperation, which can be severe. These consequences include the public release or sale of the stolen data, ongoing cyberattacks, targeting of the victim's partners and suppliers to extend the impact, and the looming threat of legal actions related to data breaches. These consequences are designed to pressure the victim into complying with the ransom demands.

To facilitate communication and negotiations, the note provides instructions for contacting the attackers through various means, including using the Tor browser for anonymity, engaging in live chat on their website, or utilizing a VPN if Tor access is restricted in the victim's geographical area.

The cybercriminals impose a three-day deadline for the victim to initiate contact. Failure to do so carries grave repercussions, including the permanent destruction of decryption keys, rendering data recovery impossible, as well as the potential publication of the victim's data if third-party negotiators are brought into the equation. This tight deadline further adds to the pressure on the victim to comply swiftly with the attackers' demands.

Implement Robust Security Measures Against Malware Infections

Ensuring the safety of your devices against malware threats is paramount in today's digital landscape. Below are essential steps to protect your devices from these insidious dangers:

Install Reliable Security Software: Start by installing reputable antivirus or anti-malware software on your device. Ensure it offers real-time protection and regular updates to detect and prevent malware infections.

Keep Operating Systems Updated: Regularly update your device's operating system (e.g., Windows, macOS, Android, iOS) and all software applications. Updates often include security patches that protect against known vulnerabilities.

Enable Firewall Protection: Activate your device's built-in firewall or install a third-party firewall to monitor incoming and outgoing network traffic. Firewalls can help block suspicious activity.

Exercise Caution with Messages And Attachments: Be cautious when opening email attachments or clicking on links in emails, especially if they are from unknown or suspicious sources. Many malware infections originate from email attachments.

Beware of Downloads: Only download software and files from reputable sources. Avoid downloading cracked or pirated software, as these are often sources of malware.

Educate Yourself and Be Wary: Stay informed about the latest malware threats and tactics. Be cautious when clicking on pop-up ads, visiting sketchy websites, or downloading files from untrusted sources.

Regularly Back Up Your Data: Create regular backups of your important files and data. Ensure that these backups are stored on an external device or in the cloud and that they are not connected to your main device all the time to prevent ransomware attacks.

Secure Your Wi-Fi Network: Protect your home Wi-Fi network with a strong password and encryption. Regularly change default router passwords and use WPA3 encryption if available.

By following these proactive steps, you can significantly reduce the risk of malware infections and enhance the overall security of your devices and data.

The full text of the ransom note created by LostTrust Ransomware is:

To the board of directors.

Your network has been attacked through various vulnerabilities found in your system.
We have gained full access to the entire network infrastructure.


Our team has an extensive background in legal and so called white hat hacking.
However, clients usually considered the found vulnerabilities to be minor and poorly
paid for our services.
So we decided to change our business model. Now you understand how important it is
to allocate a good budget for IT security.
This is serious business for us and we really don't want to ruin your privacy,
reputation and a company.
We just want to get paid for our work whist finding vulnerabilities in various networks.

Your files are currently encrypted with our tailor made state of the art algorithm.
Don't try to terminate unknown processes, don't shutdown the servers, do not unplug drives,
all this can lead to partial or complete data loss.

We have also managed to download a large amount of various, crucial data from your network.
A complete list of files and samples will be provided upon request.

We can decrypt a couple of files for free. The size of each file must be no more than 5 megabytes.

All your data will be successfully decrypted immediately after your payment.
You will also receive a detailed list of vulnerabilities used to gain access to your network.


If you refuse to cooperate with us, it will lead to the following consequences for your company:

  1. All data downloaded from your network will be published for free or even sold
  2. Your system will be re-attacked continuously, now that we know all your weak spots
  3. We will also attack your partners and suppliers using info obtained from your network
  4. It can lead to legal actions against you for data breaches

!!!!Instructions for contacting our team!!!!
---> Download and install TOR browser from this site : hxxps://
---> For contact us via LIVE CHAT open our website : -
---> If Tor is restricted in your area, use VPN
---> All your Data will be published in 3 Days if NO contact made
---> Your Decryption keys will be permanently destroyed in 3 Days if no contact made
---> Your Data will be published if you will hire third-party negotiators to contact us


Most Viewed