Remove Trun Ransomware and Restore .trun Encrypted Files - How to, Technology and PC Security Forum | SensorsTechForum.com

Remove Trun Ransomware and Restore .trun Encrypted Files

shutterstock_278999798

A new ransomware is infecting computers around the Web. Its name is Trun, and it adds an extension with the same name to files after encrypting them.

The ransomware aims to encrypt files with widely-used extensions. To remove it and see if you can decrypt your files, you should carefully read the whole article.

NameTrun Ransomware
TypeRansomware
Short DescriptionThe ransomware encrypts files with an RSA algorithm and asks for a ransom to be paid for decrypting them.
SymptomsFiles are encrypted and cannot be accessed. A file with instructions for paying the ransom appears.
Distribution MethodSpam Emails, Email Attachments, File Sharing Networks
Detection toolDownload Malware Removal Tool, to See If Your System Has Been Affected by Trun Ransomware
User Experience Join our forum to discuss Trun Ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Trun Ransomware – Delivery

The Trun ransomware uses a few methods for delivery to infect computers. One of them is through spam emails containing malicious files as attachments. Opening such an attachment automatically lets the malware inside a computer. Malicious code may be secretly put into the body of the email. So, just by opening such emails, you can get infected, even without opening an attachment.

Other delivery methods are via social networks and file sharing services, which may have the same attachments and files containing the Trun ransomware. It might be disguised as useful software, a needed update or something of the sort. Visiting unknown sites and redirects may lead to the malware infection as well.

Trun Ransomware – Technical Information

Trun is classified by researchers as ransomware. It is detected by some anti-malware programs as BAT/Agent.435. Once your computer is infected with it, the ransomware does a preparation before starting the encryption process. There is a Trojan horse which puts the following files in your computer:

  • three .cmd files
  • a .js file
  • 4077430c_trun.KEY file
  • trun.KEY file
  • CONFIRMATION.KEY file
  • trun.txt file

The Trojan may also set an entry in the Windows Registry to start automatically with every boot of Windows. This is the location where such an entry is usually set:

→HKLM/Software/Microsoft/Windows/CurrentVersion/Run/

Trun spreads copies of the text file containing instructions for paying the ransom. The email left for contacting the cyber-criminals is [email protected]. Contacting them to pay for a possible decryption of your files is not advised for a number of reasons. There is no certainty your files are going to be decrypted if the key is even sent to you after payment. Also, if you pay ransomware creators, they will only come back with a worse version of the malware and a stronger encryption.

Next, Trun ransomware is known to search for and encrypt files with these extensions:

→ .doc, .txt, .xls, .xlsx, .xml, .docx, .html, .jpg, .js, .mdb, .odt, .pdf, .php, .png, .ppt, .pptx, .sql

This is not a full list as there might be other file extensions that can be encrypted. It sets the file extension of all encrypted files to .trun. Hence, its name is Trun. The encryption algorithm of the ransomware, according to its own instruction note, is an RSA one.

The Trun ransomware is of Russian origin, but it has hit users around the world.

At this moment, it is unknown if Shadow Volume Copies are deleted from the Windows operating system, but it is highly likely. Thus, after removing the ransomware, you should see the 4th section of the instructions written below for a few ways in which you can try restoring your files.

Remove Trun Ransomware and Restore .trun Encrypted Files

If you have been infected by Trun, you should have at least a little experience in removing malware. This ransomware can lock your files irreparably, so it is highly recommended that you act fast and follow the step-by-step guide provided down here:

1. Boot Your PC In Safe Mode to isolate and remove Trun Ransomware
2. Remove Trun Ransomware with SpyHunter Anti-Malware Tool
3. Back up your data to secure it against infections and file encryption by Trun Ransomware in the future
4. Restore files encrypted by Trun Ransomware
Optional: Using Alternative Anti-Malware Tools
NOTE! Substantial notification about the Trun Ransomware threat: Manual removal of Trun Ransomware requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming for a more secure cyber space.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...