

Posted: June 21, 2010

Trojan.Ransomware is a generic detection for ransomware Trojans that lock your PC, supposedly until you pay an illegal fine (which may or may not actually give you a code to unlock your computer). Many types of Trojan.Ransomware attacks conceal themselves by using messages that pretend to be from a legal authority or to be responding to some form of criminal activity on the infected computer, but all variants of Trojan.Ransomware should be considered malicious and fraudulent. Although most forms of ransomware take explicit steps to avoid targeting inhabitants of Russia, recent variants of Trojan.Ransomware have been seen targeting Russian citizens as well, and, at the time of this writing, SpywareRemove.com malware researchers note that no country can consider itself safe from Trojan.Ransomware attacks. Like other Trojans, Trojan.Ransomware can be removed by anti-malware products, although the unique attacks involved may require you to disable Trojan.Ransomware first (by using common anti-malware and PC security techniques).

From Russia On Out – and Inside Its Borders Too

Trojan.Ransomware's latest-observed and most-common distribution methods use malicious websites that portray themselves as purveyors of media content – such as popular cinema releases or pornography. Attempting to view this content will lead you to fake download links that supposedly install movie players or movie player-related updates such as codecs, with the ultimate payload resulting in an infection by Trojan.Ransomware or another PC threat. This same method has also been used by Trojan downloaders like Zlob, which can, themselves, install many other forms of hostile software.

As noted earlier, the choice of target countries is a significant aspect of recent Trojan.Ransomware attacks, since many Trojan developers operate under the assumption that Russian law enforcement will ignore them only if they target foreigners. With recent variants of Trojan.Ransomware, Russian-language websites and warning messages have been very evident, leading to the conclusion that some malware developers are throwing caution to the winds in an attempt to garner more victims for ransom money.

Don't Hold Your Breath and Pay the Blue Screen Ransom

Trojan.Ransomware attacks attempt to lock down your computer by displaying a warning message – usually one that claims that your PC is guilty of committing some form of media or file-trafficking crime. However, such warning messages should always be disregarded, and SpywareRemove.com malware experts especially recommend avoiding paying the various ransom fees that Trojan.Ransomware attacks request. Ransom fees often use Ukash or Paysafecard-based transaction methods, although some variants, particularly Russian Trojan.Ransomware attacks, will use premium SMS texts.

To regain access to your operating system from Trojan.Ransomware, SpywareRemove.com malware researchers recommend one of the following tactics:

  • If in Windows, boot to Safe Mode. Reboot your PC and tap F8 until the relevant menu appears, and select either Safe Mode or Safe Mode with Networking.
  • In other cases, boot your PC from a flash drive or other type of removable HD source.

Once you've regained access to your PC, any competent anti-malware program should be able to remove Trojan.Ransomware easily.