
TrueCrypt Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 87
First Seen: April 29, 2016
Last Seen: October 25, 2022
OS(es) Affected: Windows

The TrueCrypt Ransomware is a ransomware Trojan that may infiltrate a computer and encrypt the victim's files. The TrueCrypt Ransomware targets commonly used file extensions and changes the encrypted files' extension to '.enc' after encryption. The TrueCrypt Ransomware uses AES-256 encryption and stores the private key on its Command and Control server, making it available to the victim only after the ransom is paid.

The Infection Process Used by the TrueCrypt Ransomware

After encrypting the victim's files, the TrueCrypt Ransomware changes the victim's desktop image and drops text and HTML files on the victim's computer. The TrueCrypt Ransomware accepts ransom payments using BitCoins and Amazon Gift cards. The TrueCrypt Ransomware's ransom is relatively small compared to other ransomware threats. The ransom is 0.2 BitCoin, currently about $100 USD, or $115 USD in Amazon Gift cards. According to the TrueCrypt Ransomware's ransom message, the payment must occur in the first three days, or the decryption key will be deleted (making it impossible to recover the files).

The Major Flaw in the TrueCrypt Ransomware's Implementation

Fortunately, there is a major flaw in the current implementation of the TrueCrypt Ransomware. If the victims click on the Pay button, even if they have not entered any payment information, the files will be decrypted and the ransomware uninstalled automatically. It is unlikely that this flaw will remain in place, but it makes it simple to recover from versions of the TrueCrypt Ransomware that still include it.

The following is the text used in the TrueCrypt Ransomware ransom note:

If you see this text, probably your computer got encrypted by TrueCrypter. This means all your important files (documents, images, etc.) are now unaccessible and you will lose them forever unless your pay a sum of money to get your decryption key.
The decryption key uses the RSA-2048 algorithm, impossible to crack. Your files will be lost forever without paying.
If you don;t case about your files, just uninstall this software.
If you lost the application because your antivirus deleted it, or you need help, you can contact is on our email:
trueransom_@_mail2tor.com
(You only have 72 hours before your private key will be destroyed, hurry up if you want to save your files!)
TrueCrypt accepts ransom payments in Bitcoins:

The following file extensions are the ones that will be encrypted by the TrueCrypt Ransomware and its known variants:

.7z, .7zip, .arw, .as, .asm, .asp, .aspx, .au3, .avi, .bash, .bat, .bmp, .bookmarks, .bsh, .c, .cbr, .cc, .cer, .cfm, .class, .cmd, .config, .cpp, .cr2, .crw, .cs, .csh, .csproj, .csr, .css, .csv, .cxx, .d, .db, .dcr, .dds, .deb, .dib, .dng, .doc, .docm, .docx, .dot, .dotm, .dotx, .dtd, .eps, .fla, .fpx, .gif, .gif, .gz, .gzip, .h, .hpp, .hta, .htm, .html, .hxx, .ico, .inc, .inc, .index.ini, .jad, .java, .jfif, .jpe, .jpeg, .jpg, .js, .jsm, .json, .jsp, .jss, .jsx, .kix, .lex, .litcofee, .lpr, .lua, .m, .mov, .mp3, .mp4, .mrw, .msg, .mx, .nef, .ods, .odt, .odt, .org, .p, .pages, .pas, .pcd, .pdf, .pdn, .php, .php3, .php4, .php5, .phps, .phpt, .phtml, .pkg, .pl, .pm, .pmx, .png, .pot, .potm, .potx, .pp, .ppam, .ppsm, .ppsx, .pptm, .pptx, .prproj, .ps, .ps1, .psd, .psm1, .ptx, .pwi, .py, .pyc, .pyw, .r, .raf, .rar, .raw, .rb, .rbw, .rc, .reg, .resx, .rpm, .rss, .rtf, .rtf, .rw2, .s, .scpt, .sh, .sh, .shtml, .sitx, .sldm, .sldx, .sln, .splus, .sql, .sqlite, .sqlite3, .src, .swift, .sxc, .tar, .tar.gz, .tga, .tga, .thmx, .tif, .tiff, .ts, .tsv, .tsx, .txt, .vb, .vbs, .vcxproj, .veg, .wmw, .wpd, .wps, .xcodeproj, .xht, .xhtm, .xhtml, .xls, .xlsx, .xml, .zip, .zipx, pps, ppt, xlam, xlsb, xlsm, xltm, xltx.
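The '.enc' renaming and the extension list above can be turned into a quick triage check over a file listing. The following is an added example, not code from the original page or from the threat itself; the `classify` and `triage` names, the threshold and the sample paths are assumptions, and because the page does not say whether '.enc' is appended to or replaces the original extension, both cases are handled.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Subset of the targeted extensions listed on this page; extend as needed.
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png",
            ".txt", ".sql", ".zip", ".psd", ".py"}
MARKER = ".enc"  # extension the page says encrypted files are given


def classify(path):
    """Return 'appended', 'replaced' or None for one file path."""
    p = PureWindowsPath(path)
    if p.suffix.lower() != MARKER:
        return None
    # Assumption: the marker may be appended (report.docx.enc) or may
    # replace the original extension (report.enc); the page does not say.
    inner = PureWindowsPath(p.stem).suffix.lower()
    return "appended" if inner in TARGETED else "replaced"


def triage(paths, threshold=3):
    """Count .enc files per folder and grade each folder."""
    hits = defaultdict(lambda: {"appended": 0, "replaced": 0})
    for path in paths:
        kind = classify(path)
        if kind:
            hits[str(PureWindowsPath(path).parent)][kind] += 1
    report = {}
    for folder, counts in hits.items():
        total = counts["appended"] + counts["replaced"]
        # An appended targeted extension outweighs a bare .enc file.
        level = ("high" if counts["appended"] >= threshold
                 else "review" if total >= threshold else "low")
        report[folder] = {"level": level, **counts}
    return report


# Constructed sample listing (not from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.enc",
    r"C:\Users\alice\Documents\notes.txt.enc",
    r"C:\Users\alice\Documents\scan.PDF.enc",
    r"C:\Users\alice\Documents\todo.txt",
    r"C:\Users\alice\Pictures\holiday.enc",
]

if __name__ == "__main__":
    for folder, info in sorted(triage(SAMPLE).items()):
        print(folder, info)
```

A folder graded "high" holds several files whose original, targeted extension is still visible under '.enc'; a lone bare '.enc' file is graded "low" because that extension is not unique to this threat.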

Even if the TrueCrypt Ransomware's flaw were not present, PC security researchers strongly advise against paying its ransom amount. Paying the ransom demanded by these threats enables con artists to continue creating these threats to take advantage of computer users. The best method to ensure that threats like the TrueCrypt Ransomware become unprofitable is to back up all files using a reliable method, preferably on an external memory device. This will allow an easy recovery of the encrypted files without needing the decryption key.
