Security researchers at Check Point have recently discovered a new ransom threat dubbed Troldesh. Also known as Encoder.858 and Shade, it is a Trojan and crypto-ransomware variant. It was created in Russia and has already affected numerous users around the globe. The Troldesh ransomware typically encrypts the user’s personal files and extorts money for their decryption.
Troldesh Ransomware Description and Contamination Process
Besides the typical ransomware features, Troldesh has one distinctive characteristic: its creators communicate with the victim directly, providing an email address used to determine the payment method.
After the threat is activated when the user opens a corrupted email message, it starts encrypting the user’s files and gives them the extension .xbtl. Not only are the files encrypted, but their names are also scrambled. Once the encryption process has finished, the victim is shown a ransom message and is directed to a ‘readme’ text for further information.
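The following Python example, added here and not part of the original article, scopes the impact of the behaviour described above: it counts files with the .xbtl extension per directory, finds the oldest one as an approximation of when encryption began, and lists candidate ransom notes. The note-name rule (a .txt file with "readme" in its name) is an assumption, and the sample tree is constructed.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".xbtl"  # extension named in the article
NOTE_HINT = "readme"     # assumption: the ransom note is a .txt file with "readme" in its name


def triage(root):
    """Summarise .xbtl files and candidate ransom notes under root."""
    per_dir, notes, earliest = Counter(), [], None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = os.path.join(dirpath, name), name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                per_dir[dirpath] += 1
                try:
                    mtime = os.path.getmtime(path)
                except OSError:  # file vanished or unreadable: count it, skip timing
                    continue
                # The oldest encrypted file approximates when encryption began.
                if earliest is None or mtime < earliest[0]:
                    earliest = (mtime, path)
            elif NOTE_HINT in lower and lower.endswith(".txt"):
                notes.append(path)
    return {"encrypted_total": sum(per_dir.values()), "per_dir": dict(per_dir),
            "notes": sorted(notes), "earliest": earliest}


def build_sample(root):
    """Create a constructed sample tree (file names and timestamps are made up)."""
    layout = {"docs/a1B2.xbtl": 1000, "docs/Zx9Q.xbtl": 2000,
              "pics/kk07.XBTL": 3000, "docs/README1.txt": 3100,
              "docs/untouched.docx": 500}
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        report = triage(tmp)
        print("encrypted files:", report["encrypted_total"])
        for directory, count in sorted(report["per_dir"].items()):
            print(f"  {count:4d}  {directory}")
        print("candidate notes:", report["notes"])
        print("earliest encrypted mtime:", report["earliest"])
```

Run it against a mounted copy or image of the affected disk rather than the live system, so that file timestamps are not altered during triage.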
Users are advised not to pay the ransom since their files may not be restored. There are reported cases of victims paying the ransom without having their files decrypted. The best ‘cure’ for ransomware is having important data backed up in advance on an external storage device or in the cloud.
Interestingly enough, a researcher at Check Point contacted the criminals via the provided email address. After negotiating with them, the crooks agreed to lower the ransom to €118 / $131, payable via the QIWI money transfer system.
STF security experts remind users that similar scenarios have happened before. TeslaCrypt creators also agreed to offer discounts on file decryption. There were even cases of decryption keys provided without payment.
Troldesh Ransomware Removal Options
Affected users may want to download a powerful anti-malware tool to scan the system and remove the ransomware. However, files can be restored if a backup is present. That is why the best precaution against file-encrypting threats is periodically backing up crucial data.