TRU8 Ransomware

The TRU8 Ransomware is a file-locking Trojan that blocks the user's media (documents, pictures, databases, and so on) with secure AES encryption. It's a member of the AES-Matrix Ransomware family and includes features and a ransom note that are characteristic of that group. Users should keep properly stored backups to protect any work files and let their anti-malware services remove the TRU8 Ransomware on sight.

The Matrix Bustling with Trojans isn't Going Anywhere

Sometimes forgotten in the sheer torrent of other Trojan families' campaigns, the AES-Matrix Ransomware is a persistent threat to unprotected businesses and even the average Windows user's home computer. The family of file-locking Trojans is still an active problem in 2021, with recent cases like the M88P Ransomware, the JJLF Ransomware, and the newest example: the TRU8 Ransomware. The TRU8 Ransomware's payload is only slightly different overall from the attacks of even its oldest relatives, such as the Relock Ransomware or the KOK8 Ransomware.

The TRU8 Ransomware explicitly targets Windows environments and uses a secure AES algorithm (hence the family name) to stop the user's media files from opening. The TRU8 Ransomware attacks most formats of documents, images, databases, spreadsheets, audio, and other common media. It also appends a stereotypical 'extension' onto their names that includes its e-mail address, a bracketed ID and 'TRU8.'

The tradition in the AES-Matrix Ransomware family is to create an RTF ransom note that explains the situation and provides e-mail addresses without any details on the cost of the file-unlocking service. The TRU8 Ransomware holds to this extortion method, although malware analysts advise against paying. Threat actors may freely transfer fake 'unlocked' files that contain threatening content back to victims or provide non-working decryption tools.

Securing a Server Perimeter against Trojan Business-as-Usual

Although the TRU8 Ransomware may lock files on almost any Windows system, server administrators bear the greatest burden of deflecting any attacks. Malware researchers encourage implementing the following precautions to limit the TRU8 Ransomware's circulation:

  • Use strong passwords that block brute-force attacks
  • Update server software as appropriate for removing vulnerabilities
  • Secure any RDP features

Users should also disable macros, JavaFlash and Flash when they're unnecessary, and exercise caution around e-mail attachments and obfuscated links that may lead to drive-by-download attacks. Although AES-Matrix Ransomware members are most likely to target lucrative business entities or government networks, they can also easily harm a home user's files.

Another valuable defense is setting up backups on other devices, which remove any incentive for paying the ransom. Lastly, malware experts point to most security services' excellent detection rates as proof that cyber-security solutions will delete the TRU8 Ransomware before any encryption happens.

With almost half a decade of attacks, the TRU8 Ransomware's family isn't going anywhere until the ransoms stop flowing. Every Windows user who pays after making a mistake, instead of practicing strict security standards, all but guarantees that malware experts will see more barely-differentiated relatives like the TRU8 Ransomware in the coming days.
