TRUST Ransomware
The TRUST Ransomware aims to infect the user's computer, engage an encryption routine, and then lock a large array of filetypes rendering them both inaccessible and unusable. Victims will then be extorted for money if they want to receive the decryption key and tool from the cybercriminals behind the TRUST Ransomware. The TRUST Ransomware is a new variant from the VoidCrypt Ransomware family. It follows the typical behavior of a threat of this type.
One of the earliest signs that something is wrong can be found in the names of the locked files. The TRUST Ransomware changes the original names drastically by appending an email address, a unique ID for the victims and a new file extension. The email address it uses is 'getthekey@tutanota.com' while the extension is '.TRUST.' A note with instructions will be left on the Desktop inside a text file named 'Decrypt-me.txt.'
TRUST Ransomware's Demands
According to the note, victims should first locate a file under the name 'prvkey*.txt.key' and sent it to the TRUST Ransomware operators. The asterisk symbol could be substituted with a number in the actual name. This file is vital for the restoration of the data so tampering with it could lead to permanent loss, at least that is what the hackers state. Victims can also attach a couple of small files, less than 1MB in size, to the message that will supposedly be decrypted for free. The message contains two email addresses that can be used as communication channels - 'getthekey@tutanota.com' and 'gthekey@aol.com'
The full set of instructions dropped by TRUST Ransomware is:
'All Your Files Has Been Encrypted
You Have to Pay to Get Your Files Back
1-Go to C:\ProgramData\ or in Your other Drives and send us prvkey*.txt.key file , * might be a number (like this : prvkey3.txt.key)
2-You can send some file little than 1mb for Decryption test to trust us But the test File should not contain valuable data
3-Payment should be with Bitcoin
4-Changing Windows without saving prvkey.txt.key file will cause permanete Data lossOur Email:getthekey@tutanota.com
in Case of no Answer:gthekey@aol.com.'
