Remove Troldesh Ransomware and Restore Encrypted Data - How to, Technology and PC Security Forum

Remove Troldesh Ransomware and Restore Encrypted Data

Security researchers at Check Point have recently discovered a new ransomware threat dubbed Troldesh. Also known as Encoder.858 and Shade, it is a Trojan and crypto-ransomware variant. It was created in Russia and has already affected numerous users around the globe. Troldesh encrypts the user’s personal files and extorts money for their decryption.


Affected files are given the .xtbl extension. Troldesh is distributed via spam email messages. To stay safe, users are advised not to open anything suspicious from unknown senders.

Troldesh Ransomware Description and Contamination Process

Besides the typical ransomware features, Troldesh has one distinctive characteristic: its creators communicate with the victim directly, providing an email address that is used to determine the payment method.

Once the threat is activated by opening a malicious email message, it starts encrypting the user’s files and appends the .xtbl extension to them. Not only are the files encrypted, but their names are also scrambled. When the encryption process has finished, the victim is shown a ransom message and directed to a ‘readme’ text file for further information.

Users are advised not to pay the ransom, since their files may not be restored. There are reported cases of victims paying the ransom without having their files decrypted. The best ‘cure’ for ransomware is having important data backed up in advance on an external storage device or in the cloud.

Interestingly enough, a researcher at Check Point has contacted the criminals via the provided email address. After negotiating with them, the crooks agreed to lower the ransom to €118 / $131, payable via the QIWI money transfer system.

STF security experts remind users that similar scenarios have happened before. The creators of TeslaCrypt also agreed to offer discounts on file decryption. There were even cases of decryption keys being provided without payment.

Troldesh Ransomware Removal Options

Affected users may want to download a powerful anti-malware tool to scan the system and remove the ransomware. The encrypted files themselves can be restored if a backup is present, which is why the best precaution against file-encrypting threats is periodically backing up crucial data.
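A scoping sketch for the behaviour described above, added here as an example and not taken from the original article or from any vendor tool: it counts .xtbl files per directory, lists ransom-note candidates, and uses a backup listing to name the originals that need restoring, since scrambled names cannot be mapped back. The note pattern (a .txt file whose name starts with "readme"), the function names and every sample file name are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".xtbl"  # extension named in the article
NOTE_PREFIX = "readme"   # assumption: the note is a .txt file named readme*

def triage(root):
    """Count .xtbl files per directory and list ransom-note candidates."""
    per_dir, notes = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for name in files:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                per_dir[rel_dir] += 1
            elif lower.startswith(NOTE_PREFIX) and lower.endswith(".txt"):
                notes.append(os.path.normpath(os.path.join(rel_dir, name)))
    return dict(per_dir), sorted(notes)

def restore_plan(backup_root, live_root):
    """Files in the backup that no longer exist under their original name.

    Encrypted copies carry scrambled names, so they cannot be matched to
    originals by name; the backup listing is the source of truth.
    """
    missing = []
    for dirpath, _dirs, files in os.walk(backup_root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), backup_root)
            if not os.path.exists(os.path.join(live_root, rel)):
                missing.append(rel)
    return sorted(missing)

def make_sample(base):
    """Build a constructed backup tree and a constructed post-incident tree."""
    layout = {
        "backup": ["docs/report.docx", "docs/budget.xlsx", "pics/cat.jpg"],
        "live": ["docs/Qz8kP1wT.xtbl", "docs/a9LmT0xR.xtbl",
                 "pics/cat.jpg", "README1.txt"],
    }
    for tree, paths in layout.items():
        for rel in paths:
            full = os.path.join(base, tree, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(b"constructed sample data")
    return os.path.join(base, "backup"), os.path.join(base, "live")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = make_sample(tmp)
        print(triage(live))
        print(restore_plan(backup, live))
```

Run it read-only against a mounted copy of the affected disk, and restore only after the ransomware itself has been removed.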

The SpyHunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.

Milena Dimitrova


An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

  1. Jaison

    I am facing the same issue… They have asked for 150 Euros… And the data is very important, I don't even have a backup. If I pay the ransom, is there any possibility of decrypting my data? They have offered to decrypt one file before payment. Upon receiving payment they have promised to send a program to decrypt my data with the key.

    1. Marlon

      I'm in the same situation, Jaison. If only there were a way to decrypt the files... it would be the best, because I need my data. I want to ask the Check Point security researchers or the people from the forum: can the files be decrypted? Yes or no?

