TRSomware Ransomware

The TRSomware Ransomware is one of the newest file-locking Trojans spotted by malware analysts. This threat does not appear to be a variant of an already existing ransomware threat, and thus it is likely that the authors of the TRSomware Ransomware may have created it from scratch.

Propagation and Encryption

It is likely that the creators of the TRSomware Ransomware are relying on malvertising campaigns, torrent trackers, fake application updates and downloads, bogus pirated variants of popular media or software, or, the most common method, spam emails. The latter technique is popular particularly and consists of an email containing a fraudulent message and a corrupted attachment. Once opened, the attached file would allow the ransomware threat to infiltrate the system of the user. The TRSomware Ransomware is likely targeting a very long list of file types to ensure that there is significant enough damage done so that the user would consider paying the ransom fee. This means that .mp3, .mp4, .doc, .docx, .xls, .xlsx, .jpeg, .jpg, .gif, .png, .pdf, .rar, .ppt, .pptx, .mov and many other file types will be locked by the TRSomware Ransomware surely.

To lock the targeted data, the TRSomware Ransomware applies a sophisticated encryption algorithm. Users affected by the TRSomware Ransomware will notice that their files' names have been altered after the attack. The TRSomware Ransomware adds a '.TRSomware[is_back__New-Algorithm__By_MaMo434376]' extension at the end of the filenames of all the locked files. This means that a file that the victim had named 'warm-winter.mp3' will be renamed to 'warm-winter.mp3.TRSomware[is_back__New-Algorithm__By_MaMo434376]' once the TRSomware Ransomware has locked it.

The Ransom Note

The TRSomware Ransomware drops a ransom note on the user's desktop once it has completed its encryption process. The note is called 'Beni Oku!!!.txt,' which translates to 'Read Me!!!.txt' in English. The entire ransom message of the attackers is in Turkish. This makes malware researchers believe that the TRSomware Ransomware is likely targeting Turkish users, mainly. In the note, the authors of the TRSomware Ransomware state that they demand $300 as a ransom fee. However, users who contact them within 24 hours of the attack taking place would receive a 50% discount, meaning that the price will be dropped to $150. The attackers' preferred method of communication is via email. The creators of the TRSomware Ransomware have provided an email address where they can be contacted - ‘yardimail1@aol.com.'

Malware analysts advise users against getting in touch with cybercriminals. Most cyber crooks lose interest in cooperating with their victims as soon as they receive the payment required. This is why a large number of ransomware victims end up empty-handed even if they pay the fee required. This is why it is advisable to look into obtaining a legitimate anti-virus suite that will remove the TRSomware Ransomware from your PC. Furthermore, make sure you update all the software present on your system regularly.