
By CagedTech in Ransomware

The '' Ransomware is a ransomware Trojan that belongs to the Troldesh (also known as Shade) family of threats. Attacks by the '' Ransomware and other variants in this family can be recognized by the extensions XBTL or YBTL, which mark the files that have been encrypted in the attack. Unfortunately, there is currently no method to decrypt the files that have been taken hostage by the '' Ransomware or other ransomware Trojans in this family of threats.

Some Particularities of the '' Ransomware Attack

The '' Ransomware infection is simple to understand and follows a strategy typical of these threats. The usual steps involved in a '' Ransomware attack include:

  1. The '' Ransomware may enter a computer through deceitful means. In most cases, this means that the '' Ransomware arrives on the victim's computer disguised as another file, often attached to an email message. Because of this, you should take precautions when dealing with any type of email attachment, even if it seems to come from a trusted source or email contact (which may have been compromised or spoofed).
  2. Once the '' Ransomware enters the victim's computer, it establishes a connection with its Command and Control server and begins encrypting the victim's files by using a strong encryption method. The '' Ransomware targets certain file types during its attack, avoiding files that are necessary for Windows to function properly (if Windows fails, then the '' Ransomware has no way of carrying out the next step in the attack).
  3. After encrypting the victim's files, which makes them inaccessible and essentially takes them hostage, the '' Ransomware will demand the payment of a ransom in exchange for the means to recover the affected files. The '' Ransomware displays a lock screen with the ransom message and also drops ransom notes on the victim's Desktop and other directories on the infected computer.

Some of the file types that the '' Ransomware and other Troldesh variants target in their attacks include:

.odc, .odm, .odp, .ods, .odt, .docm, .docx, .doc, .odb, .mp4, sql, .7z, .m4a, .rar, .wma, .gdb, .tax, .pkpass, .bc6, .bc7, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps.

Preventing the '' Ransomware Attacks

According to our PC security researchers, the '' Ransomware and other ransomware Trojans require preventive action from computer users. The best protection against the '' Ransomware is to ensure that all files are properly backed up on an external or off-site device. Having the means to recover the affected files takes away the leverage from the con artists carrying out these attacks. It is also important to keep the '' Ransomware from entering the computer in the first place and to keep malicious email attachments from arriving in your email inbox. Our PC security analysts advise the use of reliable, fully up-to-date security software as well as a reputable anti-spam filter to deal with unsolicited email messages and possible intruders.
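When restoring from backup after an incident, it helps to know how far the encryption spread and which backup still predates it. The following is an added example, not part of the original article: a short Python triage script that walks a directory tree, counts files carrying the XBTL or YBTL marker extensions, and reports the earliest modification time among them. The function names and the sample files are constructed for illustration, and the script assumes a marker file's modification time reflects when it was written.

```python
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Extensions the article names as markers of files encrypted by this family.
MARKER_EXTS = {".xbtl", ".ybtl"}

def scope_damage(root):
    """Walk `root` and summarise files carrying a marker extension.

    Returns the hit count, total files seen, hits per directory, and the
    earliest modification time among the hits (UTC). Assumption: that time
    approximates when encryption began, so a usable backup must be older.
    """
    per_dir, total, earliest = {}, 0, None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            total += 1
            if Path(name).suffix.lower() not in MARKER_EXTS:
                continue
            per_dir[dirpath] = per_dir.get(dirpath, 0) + 1
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable or vanished file: counted, no timestamp
            if earliest is None or mtime < earliest:
                earliest = mtime
    when = datetime.fromtimestamp(earliest, timezone.utc) if earliest is not None else None
    return {"encrypted": sum(per_dir.values()), "total": total,
            "per_dir": per_dir, "first_seen_utc": when}

def build_sample_tree(root):
    """Constructed sample data: two marker files and two untouched files."""
    layout = {"docs/0001.xbtl": 1_700_000_300,
              "docs/notes.txt": 1_600_000_000,
              "pics/0002.YBTL": 1_700_000_100,
              "pics/keep.png": 1_600_000_000}
    for rel, mtime in layout.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample")
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scope_damage(tmp)
        print(result["encrypted"], "of", result["total"], "files carry a marker extension")
        print("earliest marker file modified:", result["first_seen_utc"])
```

Run it against a read-only copy or mounted image of the affected disk rather than the live system, so the timestamps it relies on are not disturbed.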

