Home Malware Programs Ransomware Troldesh Ransomware

Troldesh Ransomware

Posted: June 3, 2015

Threat Metric

Threat Level: 10/10
Infected PCs: 26
First Seen: June 3, 2015
Last Seen: June 16, 2020
OS(es) Affected: Windows

Troldesh Ransomware Screenshot 1The Troldesh Ransomware is a file encryption Trojan that modifies the personal data of your computer as a preliminary to holding it for ransom. After its initial attacks, the Troldesh Ransomware also displays telltale ransom messages and other, readily visible symptoms, including a request to open direct, e-mail communication with its developers. However, there is a degree of inherent unreliability in purchasing decryption services from the persons responsible for the original attacks. As a result, malware experts discourage it, instead recommending using anti-malware products for deleting the Troldesh Ransomware, along with typical file backup strategies.

An Open Conversation with Ransomware Admins

The Troldesh Ransomware is a Russia-based Trojan that also includes functions intended for targeting English-speaking victims, with e-mail spam serving as its current mode of public distribution. Opening the accompanying threatening file attachments installs the Troldesh Ransomware onto the compromised PC, allowing the Troldesh Ransomware to scan your hard drive for personal files (such as pictures, audio or spreadsheets). The Troldesh Ransomware then encrypts them, rearranging the internal data of the files so that they're unreadable. The Troldesh Ransomware includes a file renaming function that could make it difficult to identify any individual files. However, malware experts have noted that all affected files can be found broadly via the use of the '=.xtbl' suffix.

After attacking your files, the Troldesh Ransomware displays a dual English-Russian warning message that redirects you to any of its multiple, instructional text files. The contents of these instructions provide the Troldesh Ransomware's most noteworthy divergence from file encryptors like the Critoni Ransomware: The Troldesh Ransomware requests that the victim make personal, e-mail-based contact with its perpetrators. Previously, malware experts have seen most communication methods using automated forms and payment methods, such as Ukash and Web pages designed for the Tor browser.

Unsurprisingly, the ensuing conversations include the same, ultimate consequences seen in other attacks. The Troldesh Ransomware's admins demand the payment of a triple digit ransom (although they can, in theory, be bargained down) in exchange for the decryption of your personal files. They also offer to decrypt one file for free, along with implementing a strict time limit for the payment.

Keeping a File Hostage Situation from Turning Lethal

Prior communications with the Troldesh Ransomware's administrators have led to fee demands of nearly 300 USD, regardless of the types of personal content being encrypted. Furthermore, there are no guarantees of any additional file encryption following after a victim's payment of this ransom, which is one reason malware experts don't recommend it. Remote file backups, such as using a 'cloud' storage server, can provide robust protection from attacks like the Troldesh Ransomware's payload, which limits its file-encrypting scans to your PC's personal hard drive.

No matter if you choose or not to do anything to recover your files, deleting the Troldesh Ransomware, like all threats, should use dedicated anti-malware tools whenever possible. While symptoms of a Troldesh Ransomware infection should be relatively straightforward to notice, prevention can save your files from unnecessary harm. Scanning e-mail attachments that you don't trust implicitly is one of the quickest ways to keep a would-be Trojan dropper from installing Trojans like the Troldesh Ransomware.

Loading...