
TrueCrypt Ransomware

Posted: April 29, 2016

Threat Metric

Ranking: 17,287
Threat Level: 8/10
Infected PCs: 206
First Seen: April 29, 2016
Last Seen: October 7, 2023
OS(es) Affected: Windows

The TrueCrypt Ransomware is a Trojan that blocks the files on your PC by running them through a simple data encryption routine and then profits from selling a corresponding decryptor. Such attacks are capable of causing significant data loss, but malware researchers encourage using other methods of restoring information, rather than paying con artists. Using anti-malware tools to remove a TrueCrypt Ransomware infection, followed by reverting to a backup, may be the simplest and least expensive solution to both the TrueCrypt Ransomware and other file-encrypting attacks.

The File Encryptor that's Helpful in All the Wrong Ways

Innovation in threats isn't always about creating new kinds of attacks or delivery mechanisms. In some cases, such as social engineering-based Trojans like the TrueCrypt Ransomware, these new features can focus on streamlining the experience for the victim. While the TrueCrypt Ransomware accomplishes data-encrypting attacks similar to those of the Xorist Ransomware or the Salam Ransomware, it also includes an in-depth pop-up interface that helps PC users navigate through its ransom process.

The TrueCrypt Ransomware begins, like most Trojans of its kind, by searching your hard drives for common file types not associated with your OS, including DOC, XLS, PPS, BMP and MP3. The TrueCrypt Ransomware continues the overall pattern of file encryptors using new, superficial tags to let victims see which files are encrypted: in this case, the ENC extension. Another component of the TrueCrypt Ransomware, the Encrypted.dat file (dropped in a sub-folder of AppData), also contains a list of all encrypted data. Although the encryption routine is public, the decryption key is private and is transferred over to a remote C&C server.

The TrueCrypt Ransomware then loads the most pertinent part of its payload: ransom messages conducted through both a desktop image and a pop-up program interface. The latter includes detailed navigation instructions for using either Amazon Gift Cards or Bitcoins to pay for a decryption service. Besides the relative depth of the interface, malware experts also noted that the TrueCrypt Ransomware's ransom fees are well below the standard for this type of attack, possibly indicative of its developers' lack of confidence in their 'product.'

The Hidden Truth Behind the TrueCrypt Ransomware's Attacks

The TrueCrypt Ransomware makes its experience as 'user-friendly' as possible for processing payments and even threatens to delete its decryption key after three days. However, all of these details obscure the essential execution problems with its ransom. A major flaw in its code prevents the current version of the TrueCrypt Ransomware from checking payment ID authenticity, which allows victims to use its built-in decryption function without paying.

Besides that self-defeating oversight, malware experts also recommend restoring the encrypted files from unencrypted backups whenever you are trying to recover your data from a file encryptor. Removable hard drive-based devices and Web servers are two of the readiest options for backup preservation that work around the 'pay or lose your files' dilemma posed by these Trojans. In most cases, Windows backups kept on the local hard drive are deleted as part of a standard file-encryption Trojan's payload, although less professionally-designed threats may overlook such resources.
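The indicators described above (the ENC tag and the Encrypted.dat list file) can drive a read-only inventory that shows which affected files have a clean copy in a backup before any restore begins. The following Python sketch is an added example, not code from this page or any vendor; it assumes the tag is appended to the original file name (for example `report.doc.enc`) and that the backup mirrors the scanned folder layout, and the sample tree and the `sample` sub-folder name are constructed for illustration.

```python
import os
import tempfile

MARKER_EXT = ".enc"           # extension tag named on this page
LIST_FILE = "encrypted.dat"   # list file named on this page (matched case-insensitively)

def triage(scan_root, backup_root):
    """Walk scan_root; return (restorable, missing, list_files).

    restorable / missing hold paths of the original files, relative to
    scan_root, split by whether backup_root holds a copy at the same path.
    """
    restorable, missing, list_files = [], [], []
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            full = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == LIST_FILE:
                list_files.append(full)
            elif lower.endswith(MARKER_EXT) and len(name) > len(MARKER_EXT):
                # Assumption: the tag is appended, so stripping it gives the original name.
                original = os.path.relpath(full[:-len(MARKER_EXT)], scan_root)
                if os.path.isfile(os.path.join(backup_root, original)):
                    restorable.append(original)
                else:
                    missing.append(original)
    return sorted(restorable), sorted(missing), sorted(list_files)

def build_sample(base):
    """Create a constructed sample tree of empty files (not real malware output)."""
    scan = os.path.join(base, "user")
    backup = os.path.join(base, "backup")
    layout = {
        scan: ["Documents/report.doc.enc", "Music/song.mp3.enc",
               "Documents/notes.txt", "AppData/Roaming/sample/Encrypted.dat"],
        backup: ["Documents/report.doc"],
    }
    for root, rels in layout.items():
        for rel in rels:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
    return scan, backup

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        ok, lost, lists = triage(*build_sample(tmp))
        print("restore from backup:", ok)
        print("no backup copy:", lost)
        print("list files found:", lists)
```

The script only reads directory listings, so it can be run against a mounted image of the affected disk rather than the live system.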

Disinfect your PC and remove the TrueCrypt Ransomware before taking any actions regarding data recovery. Because malware experts have found no self-distributing features included in the TrueCrypt Ransomware's body, scans of your PC may find additional threats, such as a Trojan downloader. The majority of Trojan-installing threats will not show any symptoms of their own, but may be preventable by anti-malware scans of unidentified files and browser-based security features, such as script blockers.

One Comment

  • M.Cihan Erdem says:

    Hi, I can help you with your .enc or .encrypted extension files. Please send me some of your encrypted files with the ransom note file.