Truke Ransomware

Cybersecurity researchers have uncovered a new data-encrypting Trojan recently. It is called the Truke Ransomware, and it is a part of the infamous STOP Ransomware family that has been plaguing the Internet for years now.

Malware experts have not yet concluded as to how the Truke Ransomware is being propagated. However, it has been speculated that the authors of the Truke Ransomware may be using faux application updates, infected pirated software, and the tried and tested spam email campaigns to spread their creation. When the Truke Ransomware manages to gain access to a computer, it will start the attack by performing a scan. This is done to identify the locations, which this file-locking Trojan will encrypt. Then, the Truke Ransomware will begin the encryption process. When this threat locks a file, it alters its name too.

The Truke Ransomware will add a ‘.truke’ extension at the end of the filenames of the affected files. For example, a file, which was named ‘yellow-umbrella.mp3’ previously will be renamed to ‘yellow-umbrella.mp3.truke’ when the Truke Ransomware finishes encrypting it. The next step is dropping the ransom note. The ransom note of the Truke Ransomware is called ‘_readme.txt,’ which is in unison with most of the STOP Ransomware variants. The authors of the Truke Ransomware give out an email address where they expect the victim to contact them – ‘ferast@firemail.cc.’

There have been victims confirmed in the Philippines, as well as in India already. We recommend veemently that you stay away from cybercriminals like the individuals responsible for the Truke Ransomware. They will likely promise you to decrypt all the locked data if you pay them a hefty sum, but these scenarios often end up with the victim left empty-handed and the attackers riding into the sunset with the user’s hard-earned cash. A much safer approach would be to download and install a reputable anti-virus software suite and use it to clear your system of the Truke Ransomware.