'.trun File Extension' Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 4
First Seen: February 8, 2016
Last Seen: January 5, 2023
OS(es) Affected: Windows

The '.trun File Extension' Ransomware is one of the countless ransomware Trojans that have been spotted in the wild since early 2016. The '.trun File Extension' Ransomware seems to be one of the many variants of TeslaCrypt, a threatening ransomware that has been used to attack computers since late 2014. This resurgence of TeslaCrypt variants such as the '.trun File Extension' Ransomware is probably related to the release of version 3.0 of this threatening ransomware Trojan. PC security analysts had been able to find ways to obtain the decryption key from TeslaCrypt infections. The new version fixes that vulnerability, making it more difficult for computer users to recover their files after an infection. The '.trun File Extension' Ransomware and countless variants of this threat may be related to the RaaS (Ransomware as a Service) implementation added to this newest version of TeslaCrypt.

How the '.trun File Extension' Ransomware may Attack a Computer

Ransomware Trojans like the '.trun File Extension' Ransomware typically follow the same attack pattern when infecting a computer. The '.trun File Extension' Ransomware may be delivered through threatening email attachments, using targeted email messages designed to trick inexperienced computer users into opening the attachment or clicking on an embedded link. Once the corrupted file has been opened, the '.trun File Extension' Ransomware scans the victim's computer in search of files that match a list of extensions in its configuration files. The '.trun File Extension' Ransomware and other TeslaCrypt variants search for the following files (with new file extensions added in new updates):

.7z; .rar; .m4a; .wma; .avi; .wmv; .csv; .d3dbsp; .sc2save; .sie; .sum; .ibank; .t13; .t12; .qdf; .gdb; .tax; .pkpass; .bc6; .bc7; .bkp; .qic; .bkf; .sidn; .sidd; .mddata; .itl; .itdb; .icxs; .hvpl; .hplg; .hkdb; .mdbackup; .syncdb; .gho; .cas; .svg; .map; .wmo; .itm; .sb; .fos; .mcgame; .vdf; .ztmp; .sis; .sid; .ncf; .menu; .layout; .dmp; .blob; .esm; .001; .vtf; .dazip; .fpk; .mlx; .kf; .iwd; .vpk; .tor; .psk; .rim; .w3x; .fsh; .ntl; .arch00; .lvl; .snx; .cfr; .ff; .vpp_pc; .lrf; .m2; .mcmeta; .vfs0; .mpqge; .kdb; .db0; .DayZProfile; .rofl; .hkx; .bar; .upk; .das; .iwi; .litemod; .asset; .forge; .ltx; .bsa; .apk; .re4; .sav; .lbf; .slm; .bik; .epk; .rgss3a; .pak; .big; .unity3d; .wotreplay; .xxx; .desc; .py; .m3u; .flv; .js; .css; .rb; .png; .jpeg; .txt; .p7c; .p7b; .p12; .pfx; .pem; .crt; .cer; .der; .x3f; .srw; .pef; .ptx; .r3d; .rw2; .rwl; .raw; .raf; .orf; .nrw; .mrwref; .mef; .erf; .kdc; .dcr; .cr2; .crw; .bay; .sr2; .srf; .arw; .3fr; .dng; .jpeg; .jpg; .cdr; .indd; .ai; .eps; .pdf; .pdd; .psd; .dbfv; .mdf; .wb2; .rtf; .wpd; .dxg; .xf; .dwg; .pst; .accdb; .mdb; .pptm; .pptx; .ppt; .xlk; .xlsb; .xlsm; .xlsx; .xls; .wps; .docm; .docx; .doc; .odb; .odc; .odm; .odp; .ods; .odt.

The '.trun File Extension' Ransomware's attack consists of using AES encryption to encrypt all files it finds. The '.trun File Extension' Ransomware received this name because it changes the extension of the encrypted files to TRUN. Once the '.trun File Extension' Ransomware has encrypted a file, it is almost impossible to recover it without access to the decryption key, which is not stored on the victim's computer but is instead stored on the '.trun File Extension' Ransomware's Command and Control server. As part of its attack, the '.trun File Extension' Ransomware will also delete Shadow Volume copies of encrypted files and disable System Restore or other features that could be used to recover the files.
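The rename behavior described above gives defenders a usable signal: one process changing many targeted file types to the .trun extension within a few seconds. The following is an added detection sketch, not part of the original write-up and not any vendor's code; the pipe-delimited event format, the threshold, the window and the function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# A few of the targeted extensions from the list on this page.
TARGETED = {".docx", ".xlsx", ".pdf", ".jpg", ".pst", ".txt", ".psd"}
MARKER = ".trun"

# Constructed sample events in an assumed format: time|pid|old path|new path
SAMPLE_EVENTS = r"""
2016-02-08T10:00:01|4120|C:\Users\a\Documents\q1.xlsx|C:\Users\a\Documents\q1.xlsx.trun
2016-02-08T10:00:02|4120|C:\Users\a\Documents\cv.docx|C:\Users\a\Documents\cv.docx.trun
2016-02-08T10:00:02|2200|C:\Users\a\Documents\~tmp1.tmp|C:\Users\a\Documents\notes.docx
2016-02-08T10:00:03|4120|C:\Users\a\Pictures\dog.jpg|C:\Users\a\Pictures\dog.jpg.trun
2016-02-08T10:00:04|4120|C:\Users\a\mail.pst|C:\Users\a\mail.pst.trun
2016-02-08T10:05:00|900|C:\Users\a\Desktop\a.txt|C:\Users\a\Desktop\a.trun
2016-02-08T10:09:00|900|C:\Users\a\Desktop\b.txt|C:\Users\a\Desktop\b.trun
"""

def parse(line):
    ts, pid, old, new = line.strip().split("|")
    return datetime.fromisoformat(ts), int(pid), PureWindowsPath(old), PureWindowsPath(new)

def find_bursts(lines, threshold=4, window=timedelta(seconds=10)):
    """Map pid -> time it first made `threshold` targeted renames within `window`.
    Events are assumed to arrive in time order."""
    recent = defaultdict(deque)   # pid -> timestamps of recent matching renames
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, pid, old, new = parse(line)
        # Match both "q1.trun" (replaced) and "q1.xlsx.trun" (appended).
        if new.suffix.lower() != MARKER or old.suffix.lower() not in TARGETED:
            continue
        q = recent[pid]
        q.append(ts)
        while ts - q[0] > window:   # drop renames that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault(pid, ts)
    return alerts

if __name__ == "__main__":
    for pid, ts in find_bursts(SAMPLE_EVENTS.splitlines()).items():
        print(f"pid {pid}: burst of renames to {MARKER} detected at {ts.isoformat()}")
```

In the constructed sample only pid 4120 is flagged; the two slow manual renames by pid 900 and the ordinary temp-file save by pid 2200 are ignored.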

The '.trun File Extension' Ransomware and other TeslaCrypt variants tend to use a ransom message with content similar to the one below:

Your personal files are encrypted!
Your files have been safely encrypted on this PC: photos, videos, documents, etc. Click "Show Encrypted Files" button to view a complete list on encrypted files, and you can personally verify this.
Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key.
