A new ransomware threat has recently been circulating on the Web. It is called TROLL Ransomware and does not appear to be a variant of any of the popular ransomware threats.

Malware experts have not been able to determine how the TROLL Ransomware is being propagated. Some speculate that the infection vectors used to spread the TROLL Ransomware may be the ones we all know too well – bogus software updates, infected pirated copies of popular software, and spam email campaigns with infected attachments. When the TROLL Ransomware successfully gains access to a targeted system, it scans the files present on the machine and determines the locations of the files it was programmed to go after. The next step of the attack is the encryption process. When the TROLL Ransomware locks a file, it alters its extension.

The TROLL Ransomware will add a ‘.TROLL’ extension at the end of the name of the file. For example, a file that was initially named ‘golden-ring.gif’ will be renamed to ‘golden-ring.gif.TROLL’ when this data-locking Trojan is done encrypting it. The next step is dropping the ransom note. The TROLL Ransomware’s ransom note is named ‘HOW TO BACK YOUR FILES.txt’ and contains step-by-step instructions on how to supposedly unlock your files. The attackers offer to unlock a few files free of charge so that the victim is convinced that the authors of the TROLL Ransomware can reverse the damage they have done. The creators of this file-encrypting Trojan warn the user against attempting to decrypt the files themselves because they claim this will damage the data beyond repair. Then, the authors go on to provide an email address – ‘’.
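The two file-system indicators described above, the ‘.TROLL’ suffix and the ‘HOW TO BACK YOUR FILES.txt’ note, are enough to scope which folders were hit and which original files need restoring from backup. The read-only sketch below is an added example, not code from the original article or from any vendor tool; the case-insensitive matching and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".troll"                  # '.TROLL' from the article; case-insensitive match is an assumption
NOTE_NAME = "how to back your files.txt"  # ransom note name from the article, lower-cased

def scan_tree(root):
    """Read-only walk of root. Returns (locked, note_dirs, by_ext):
    locked    - sorted (path, original_name) pairs for files carrying the suffix
    note_dirs - sorted directories that contain the ransom note
    by_ext    - Counter of original extensions, to prioritise backup restores"""
    locked, note_dirs, by_ext = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME:
                note_dirs.append(dirpath)
            elif lower.endswith(LOCKED_SUFFIX) and len(name) > len(LOCKED_SUFFIX):
                original = name[:-len(LOCKED_SUFFIX)]  # golden-ring.gif.TROLL -> golden-ring.gif
                locked.append((os.path.join(dirpath, name), original))
                by_ext[Path(original).suffix.lower() or "(none)"] += 1
    return sorted(locked), sorted(note_dirs), by_ext

def build_sample_tree(root):
    """Constructed sample data: empty files named the way the article describes."""
    for rel in ("pics/golden-ring.gif.TROLL", "pics/HOW TO BACK YOUR FILES.txt",
                "docs/report.docx.troll", "docs/notes.txt", "docs/.TROLL"):
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        locked, note_dirs, by_ext = scan_tree(tmp)
        print(f"{len(locked)} locked file(s), ransom note in {len(note_dirs)} folder(s)")
        for path, original in locked:
            print(f"  {path}  (restore as {original})")
        print("by original type:", dict(by_ext))
```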

We advise you to keep your distance from cybercriminals like the ones that are responsible for the TROLL Ransomware. They are not trustworthy individuals. Instead, you should look into installing a reputable anti-malware application and use it to clear your system of the TROLL Ransomware.

