
Remove Troldesh Ransomware and Restore Encrypted Data

Security researchers at Checkpoint have recently discovered a new ransomware threat dubbed Troldesh. Also known as Encoder.858 and Shade, it is a Trojan and crypto-ransomware variant. It was created in Russia and has already affected numerous users around the globe. Troldesh typically encrypts the user’s personal files and extorts money for their decryption.


Affected files carry the .xtbl extension. Troldesh is distributed via spam email messages. To stay safe, users are advised not to open anything suspicious from unknown senders.

Troldesh Ransomware Description and Contamination Process

Besides the typical ransomware features, Troldesh has one distinctive characteristic: its creators communicate with the victim directly, providing an email address that is used to determine the payment method.

After the threat is activated by opening a malicious email message, it starts encrypting the user’s files and gives them the extension .xtbl. Not only are the files encrypted, but their names are also scrambled. Once the encryption process has finished, the victim is shown a ransom message and directed to a ‘readme’ text for further information.
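To gauge how far the encryption reached, the following added example (not part of the original article) walks a directory tree read-only, counts files carrying the .xtbl extension per folder, lists ransom notes, and reports the modification-time window of the encrypted files. The `readme*.txt` note pattern, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".xtbl"   # extension named in the article
NOTE_PREFIX = "readme"    # assumption: note is a .txt file whose name starts with "readme"


def triage(root):
    """Walk root and summarise Troldesh indicators without modifying anything."""
    per_dir = Counter()   # encrypted-file count per directory
    notes = []            # paths of suspected ransom notes
    mtimes = []           # modification times of encrypted files
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                per_dir[dirpath] += 1
                mtimes.append(path.stat().st_mtime)
            elif lower.startswith(NOTE_PREFIX) and lower.endswith(".txt"):
                notes.append(str(path))
    return {
        "encrypted_total": sum(per_dir.values()),
        "per_dir": dict(per_dir),
        "notes": sorted(notes),
        # earliest and latest write times bound the encryption run
        "window": (min(mtimes), max(mtimes)) if mtimes else None,
    }


def build_sample_tree(root):
    """Constructed sample: two scrambled-name .xtbl files, a note, an untouched file."""
    docs = Path(root) / "docs"
    docs.mkdir()
    (docs / "Qk9PSw==.xtbl").write_bytes(b"\x00" * 16)
    (docs / "a1B2c3D4.XTBL").write_bytes(b"\x00" * 16)
    (docs / "README1.txt").write_text("constructed note")
    (Path(root) / "report.pdf").write_bytes(b"%PDF-")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(build_sample_tree(tmp)))
```

The per-directory counts show which folders need restoring from backup, and the time window helps pick a backup snapshot that predates the infection.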

Users are advised not to pay the ransom since their files may not be restored. There are reported cases of victims paying the ransom without having their files decrypted. The best ‘cure’ for ransomware is having important data previously backed up on an external storage device or in a cloud.

Interestingly enough, a researcher at Checkpoint has contacted the criminals via the provided email address. After negotiating with them, the crooks agreed to lower the ransom to €118 / $131, payable via the QIWI money transfer system.

STF security experts note that similar scenarios have happened before. TeslaCrypt creators also agreed to offer discounts on file decryption. There were even cases of decryption keys provided without payment.

Troldesh Ransomware Removal Options

Affected users may want to download a powerful anti-malware tool to scan the system and remove the ransomware. Files can be restored if a backup is present, which is why the best precaution against file-encrypting threats is periodically backing up crucial data.


Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.


  • Jaison

    I am facing the same issue… They have asked for 150 Euros… And the data is very important, I don't even have a backup. If I pay the ransom, is there any possibility of decrypting my data? They have offered to decrypt one file before payment. Upon receiving payment they have promised to send a program to decrypt my data with a key.

    • Marlon

      I'm in the same situation, Jaison. If only there were a way to decrypt the files... it would be great, because I need my data. I want to ask the Checkpoint security researchers or the people on the forum: can the files be decrypted? Yes or no?
