Titancrypt Ransomware

The Titancrypt Ransomware threat utilizes an uncrackable encryption algorithm to lock the data of its victims. Like most threats of this type, the goal of the attackers is to use the encrypted files as leverage to extort money from the affected users. This particular malware was first identified by the cybersecurity researcher who goes by S!Ri on Twitter.

When activated on compromised devices, Titancrypt will target a wide range of data and leave the victim's files in an unusable state. Each encrypted file will be marked by having '.titancrypt' appended to its original name. Afterward, affected users will be left with two ransom notes with instructions from the hackers. One will be contained inside a text file named '_RECOVER__FILES.titancrypt.txt,' while the other will be presented in a pop-up window.

Demands Overview

The instructions delivered via the ransom-demanding messages of the threat are extremely short. The cybercriminals simply state that their victims must pay a ransom of 20 PLN (Polish Zloty). The amount is worth around $4.50 and should be sent to a discord account (titanware#1405) by using the PaySafeCard prepaid payment service. The particular choice of PLN could either mean that the Titancrypt threat is aimed at users from Poland specifically or the hackers are located in the country.

The ransom message found inside the text file is:

'All of your files have been encrypted.

To unlock them, please send 20PLN PaySafeCard on discord: titanware#1405
Thank you and have a nice day!

The pop-up window contains the following message:

Your files (count) have been encrypted!
In order to recover your data…

Please send 20PLN PaySafeCard and send to me on discord titanware#1405

Good luck 😀'

SpyHunter Detects & Remove Titancrypt Ransomware