
Troldesh Ransomware

By CagedTech in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: June 3, 2015
Last Seen: June 16, 2020
OS(es) Affected: Windows


The Troldesh Ransomware is a ransomware infection that was created in Russia and released in 2015. It is also known as Encoder.858 and Shade and has been responsible for attacks all around the world. Like most encryption threats, the Troldesh Ransomware encrypts the victim's files and then demands payment of a ransom in order to decrypt them (hence the term 'ransomware'). It appends the XTBL extension to the end of every encrypted file. The most common distribution method for the Troldesh Ransomware is spam email messages containing infected attachments or links.

The Characteristics of the Troldesh Ransomware Attack

One particular characteristic of the Troldesh Ransomware is that the people responsible for it communicate directly with the victims of its attacks. Although most ransomware attacks use an online page, often hosted on TOR, with automated payment methods, the Troldesh Ransomware provides an email address through which the attackers communicate with the victim directly to establish the ransom and the payment method. This has led to curious situations in which victims hold direct conversations with their attackers, negotiating the ransom amount and even obtaining discounts through this correspondence.

How the Troldesh Ransomware Attacks a Computer

The main method of the Troldesh Ransomware attack is encrypting the victim's data and then demanding payment of a ransom to obtain the decryption key. Once the victim's files have been encrypted, the Troldesh Ransomware displays a message on the victim's computer with instructions for payment and renames all the encrypted files. This adds a further layer of inconvenience to the attack, since the Troldesh Ransomware replaces each file's name with random characters and adds the XTBL extension. The Troldesh Ransomware also drops text files on the victim's computer with the same payment instructions: about twenty copies of the text file on the victim's desktop, plus a copy in each folder containing encrypted files.

Through the dropped text files, the victim is instructed to send a specific code to an included email address. Essentially, the Troldesh Ransomware attacks may have the following characteristics:

  • The Troldesh Ransomware attack displays a warning message on the victim's computer.
  • The Troldesh Ransomware replaces files on the victim's computer with encrypted copies in XTBL format.
  • The Troldesh Ransomware drops text files on the victim's computer. These text files contain information on the attack and contact information for the attackers.
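The on-disk artifacts listed above (files renamed with the XTBL extension, a text note beside them in every affected folder, and a pile of identical notes on the desktop) are what an incident responder uses to scope an infection. The following Python script is an added triage example, not code from the original write-up or from the malware; it walks a directory tree, groups encrypted files by folder, records the text files sitting next to them, and flags any folder holding many byte-identical text files. The note file name `NOTE<n>.txt`, the note body, the sample file names and the threshold of five identical copies are assumptions constructed for the demo; only the `.xtbl` extension comes from the page.

```python
"""Triage helper: scope a Troldesh/Shade-style infection from its on-disk artifacts."""
import hashlib
import os
import tempfile
from collections import Counter
from dataclasses import dataclass, field

# Assumptions (not from the write-up): the note file name and body below are
# constructed placeholders, as is the cluster threshold. Only ".xtbl" is from the page.
ENCRYPTED_EXT = ".xtbl"
NOTE_CLUSTER_MIN = 5  # identical .txt copies in one folder before we flag it
SAMPLE_NOTE_BODY = b"[constructed placeholder ransom note text]\n"


@dataclass
class TriageReport:
    encrypted: dict = field(default_factory=dict)               # folder -> [encrypted file names]
    notes_beside_encrypted: dict = field(default_factory=dict)  # folder -> [.txt names]
    note_clusters: dict = field(default_factory=dict)           # folder -> count of identical .txt copies

    @property
    def encrypted_total(self) -> int:
        return sum(len(v) for v in self.encrypted.values())


def _sha256(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root: str) -> TriageReport:
    """Walk `root` and record the artifacts the write-up describes: files renamed
    with the .xtbl extension, text files dropped beside them, and folders that
    hold many identical text files (the "twenty copies on the desktop" pattern)."""
    report = TriageReport()
    for dirpath, _dirs, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        encrypted = sorted(f for f in filenames if f.lower().endswith(ENCRYPTED_EXT))
        texts = sorted(f for f in filenames if f.lower().endswith(".txt"))
        if encrypted:
            report.encrypted[rel] = encrypted
            if texts:
                report.notes_beside_encrypted[rel] = texts
        if len(texts) >= NOTE_CLUSTER_MIN:
            # Compare content, not names: a cluster of byte-identical .txt files
            # is a dropped-note pile even when no .xtbl file sits next to it.
            digests = Counter(_sha256(os.path.join(dirpath, t)) for t in texts)
            _digest, copies = digests.most_common(1)[0]
            if copies >= NOTE_CLUSTER_MIN:
                report.note_clusters[rel] = copies
    return report


def build_sample_tree(root: str) -> None:
    """Constructed sample layout (not real malware output) mirroring the page:
    renamed .xtbl files plus one note in the affected folder, twenty notes on the desktop."""
    desktop = os.path.join(root, "Desktop")
    docs = os.path.join(root, "Documents")
    clean = os.path.join(root, "Pictures")
    for d in (desktop, docs, clean):
        os.makedirs(d, exist_ok=True)
    for i in range(20):
        with open(os.path.join(desktop, f"NOTE{i}.txt"), "wb") as fh:
            fh.write(SAMPLE_NOTE_BODY)
    for name in ("a8f3k2.xtbl", "Zq91pL.xtbl", "m0x77.XTBL"):  # random-looking renamed files
        with open(os.path.join(docs, name), "wb") as fh:
            fh.write(os.urandom(64))
    with open(os.path.join(docs, "NOTE0.txt"), "wb") as fh:
        fh.write(SAMPLE_NOTE_BODY)
    with open(os.path.join(clean, "holiday.jpg"), "wb") as fh:  # untouched folder
        fh.write(b"\xff\xd8\xff" + os.urandom(16))


def run_demo() -> TriageReport:
    """Build the constructed tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    r = run_demo()
    print(f"{r.encrypted_total} encrypted files in {len(r.encrypted)} folder(s)")
    for folder, names in r.encrypted.items():
        print(f"  {folder}: {len(names)} .xtbl, notes: {r.notes_beside_encrypted.get(folder, [])}")
    for folder, copies in r.note_clusters.items():
        print(f"  {folder}: {copies} identical note copies")
```

On a real host you would point `scan_tree` at the user profile or a mounted disk image instead of the constructed tree. Matching the extension case-insensitively matters because Windows file systems are case-insensitive, and clustering notes by content hash rather than by name avoids depending on a note file name that a later variant may change.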

There’s a Real Person on the Other Side of the Troldesh Ransomware Contact Link

After sending the code to the specified email address, computer users receive an answer with additional instructions. The attackers instruct the victim to send one of the encrypted files to prove that they can actually decrypt it. Unlike most other encryption threats, this is not an automated answer: prompts to start a conversation have led to real replies demanding payment in rubles, and PC security researchers have negotiated successfully with the attackers. This gives insight into these types of attacks. When dealing with threats, computer users and PC security researchers may get caught up in the obfuscation and attack methods of these infections. It is easy to forget that there are always real people behind these attacks, unscrupulous attackers who have no qualms about harassing and attacking computer users in order to turn a profit. Threat attacks may be about manipulating people rather than technological advances; social engineering is the single most popular and powerful way of distributing threats. Despite the encryption methods of the Troldesh Ransomware attack, it is easy to forget that the Troldesh Ransomware is distributed through spam email messages that use social engineering to trick inexperienced computer users into downloading and installing it in the first place.
