TRAPGET Ransomware

TRAPGET Ransomware Description

The TRAPGET Ransomware is a malware threat that can take as hostage all of the data stored on the victim's computer effectively. The TRAPGET Ransomware, a variant of NEFILIM, achieves its threatening goal by employing encryption algorithms strong enough to be uncrackable virtually. In most cases, when a ransomware threat is involved, the only way to restore the locked files is through the decryption key that only the hackers possess. In rare instances, the infosec community has managed to find a major bug or flaw in the underlying code of the ransomware, which has led to the creation of a free decryption tool for scrambled data. Unfortunately, there is no such tool for TRAPGET.

Victims of TRAPGET will notice that nearly all of their private or business files have a new extension appended to their original filename suddenly - '.TRAPGET.' In addition, a file named 'TRAPGET-INSTRUCTION.txt' containing a ransom note with instructions from the hackers, will be dropped onto the compromised computer.

TRAPGET ransomware is a cyber-threat designed to frustrate and scare victims. The virus uses coercion to get victims to pay the ransom demand. The criminals behind the threat claim to have a decryption tool – the only tool that can undo the encryption. Victims can purchase the decryptor in exchange for cryptocurrency. As with other such threats, the hackers offer to decrypt a few files for the victim to prove that their tool works and build a sense of trust. There is no point in contacting the criminals. Doing so only places you at greater risk, as it opens you up to more infections on your computer.

What Does TRAPGET Do?

TRAPGET ransomware is a virus that extorts money from victims by encrypting the data on a computer. The virus gets into the system unnoticed and can stay there for a while, working in the background. One of the few symptoms that anything is wrong with your computer is that it runs a little slower as the virus uses up resources. Unfortunately, the ransomware doesn’t provide any real indication of infection until it is too late.

The virus targets common file types and files it considers essential. Once those files are encrypted, it drops a ransom demand on the screen. The ransom note also appears in folders with infected files and on the desktop. The message informs victims of their situation and encourages them to make the payment.

The hackers state that they have used military grade algorithms to encrypt the user's data. Three email addresses are provided for contact:


Victims have to send two files for decryption, after which they will supposedly receive further instructions. To include a sense of urgency to their threats, the hackers behind TRAPGET Ransomware threaten to start exposing sensitive data that they have exfiltrated from the compromised computer. The data will be uploaded to a certain website in several parts.

The full text of TRAPGET Ransomware's note is:

'Two things have happened to your company.


All of your files have been encrypted with military-grade algorithms.

The only way to retrieve your data is with our software.

Restoration of your data requires a private key which only we possess.


Information that we deemed valuable or sensitive was downloaded from your network to a secure location.

We can provide proof that your files have been extracted.

If you do not contact us we will start leaking the data periodically in parts.


To confirm that our decryption software works email to us 2 files from random computers.

You will receive further instructions after you send us the test files.

We will make sure you retrieve your data swiftly and securely and that your data is not leaked when our demands are met.

If we do not come to an agreement your data will be leaked on this website.

Website: hxxp://

TOR link: hxxp://hxt254aygrsziejn.onion

Contact us via email:'

The message is written to be as intimidating as possible to convince victims to pay. However, removing the virus starts with not contacting or paying them. Don’t listen to the threats and instead use an antivirus program to remove the infection from your computer.

One thing that makes TRAPGET such a notorious threat is that it does more than just encrypt data. The virus also exfiltrates data, sending it to a server owned and operated by the hackers. This allows them to claim that they will publish sensitive information about a victim if they don’t receive the payment. This technique is becoming more common and is designed to encourage people to pay up and not have their information published.

Security experts agree that paying the ransom is the last thing you should do in the case of a ransomware attack. You could permanently lose your files and lose the money you send to the hackers. The test decryption is often a trick because not even the criminals have the decryption tool. They send you an unencrypted copy of the file they stole from the computer.

There are no known ransom demands for TRAPGET, but ransomware operators typically ask for hundreds of dollars in bitcoin. The amount may reach thousands or even millions in some cases. It is best to remove the ransomware as soon as you can. The ransomware affects several parts of your computer by changing the registry and settings. These changes mean that the ransomware achieves persistence on the computer, but it also opens the door for further attacks.

Your best bet to get your data back is always to remove the virus and restore your files using an external backup.

Malware Spreads Through Malicious Links and Files

Hackers have several ways to distribute malware at their disposal. They rely on methods that scare people and manipulate them into following along with demands. Attackers spread malware as far as possible to infect as many computers as possible.

The most common distribution method for ransomware is spam emails. People receive emails with misleading headlines and subject. The emails claim to be about current events, invoices, or shipping orders. People are compelled to open them without thinking twice.

The emails contain malicious links and attachments. These attachments come in the form of documents, spreadsheets, PDF files, archive files, and executable files. Running the file installs the virus on your computer, and the rest is history. Spam is a lot more dangerous than most people realize. It isn’t worth your time, energy, or the risk of interacting with it.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.