
TROLL Ransomware

Posted: June 25, 2019

The TROLL Ransomware is a file-locker Trojan that can block the files on your computer with encryption, an attack that may or may not be reversible. An appropriate and regularly-maintained backup strategy can reduce problems from infections, which target digital media that could be valuable to the victim. Anti-malware products are, similarly, essential for deleting the TROLL Ransomware safely or preventing an installation exploit.

Getting Trolled by Trojan Ransoms

Although a ransoming message is a source of numerous hints about a criminal's motives and other characteristics, it isn't a substitute for hard information. Some Trojan campaigns even use their notes to mislead the victims, which helps the threat actors avoid competition from free decryption tools or analysis from the PC security industry. Such is the case with the TROLL Ransomware.

Malware experts are noting incidents of the TROLL Ransomware targeting Brazil, much like the STOP Ransomware family's Radman Ransomware or the Curumim Ransomware, which is a Hidden Tear spin-off. However, its ransoming message is an English copy of the Globe Imposter Ransomware family's equivalent text file, which asks for negotiations through e-mail. On the victim's part, the incentive is recovering their data – after the TROLL Ransomware blocks it.

The TROLL Ransomware targets typical media formats, such as Word's DOCs, and holds them hostage by encrypting them. A more superficial element is the name change that the TROLL Ransomware applies to each file, which adds all-caps 'TROLL' extensions without taking away the original. Although malware researchers see sufficient similarities for suggesting that the TROLL Ransomware is a member of the Maoloa Ransomware's family, this implication requires more verification and could be a coincidental similarity, just like the TROLL Ransomware's ransom note.

Putting the TROLL Ransomware Back under the Bridge

Many of the infection strategies for file-locker Trojans are indiscriminate about the locations of their victims. RDP-scanning and brute-force attacks compromise servers without adequate security protocols in place, while e-mail spam, torrents, and corrupted advertisements may trick users into infecting their PCs by clicking on new files. However, the overwhelming majority of threats of the TROLL Ransomware's classification fail at evading most security software.

Malware experts have limited information on the TROLL Ransomware's cryptography, and it may be using a breakable algorithm or an impenetrable one. Users can test the compatibility of free decryption solutions with copies of their media, or recover from a previous backup. A minority of file-locker Trojan attacks will not delete all of the user's Shadow Copies, which leaves advanced data-restoring options available.
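The following triage sketch is an added example, not code from this article or from any vendor tool. It inventories files carrying the appended extension, recovers each original name, and checks whether a clean copy exists in a backup tree. It assumes the marker is the literal suffix `.TROLL`; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".TROLL"  # assumption: appended as a final, all-caps suffix


def original_name(path):
    """Return the pre-attack file name, or None if the marker is absent."""
    # Case-sensitive on purpose: the article describes an all-caps extension.
    if path.name.endswith(MARKER) and len(path.name) > len(MARKER):
        return path.name[: -len(MARKER)]
    return None


def triage(scan_root, backup_root=None):
    """Inventory renamed files and check each against a backup (read-only)."""
    rows, by_type = [], Counter()
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            locked = Path(dirpath) / name
            orig = original_name(locked)
            if orig is None:
                continue
            rel = locked.parent.relative_to(scan_root) / orig
            in_backup = bool(backup_root) and (backup_root / rel).is_file()
            by_type[Path(orig).suffix.lower() or "(none)"] += 1
            rows.append((rel.as_posix(), in_backup))
    return sorted(rows), by_type


def demo():
    """Build a constructed sample tree so the example runs offline."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (live / "docs" / "report.doc.TROLL").write_bytes(b"\x00" * 16)
        (live / "docs" / "photo.JPG.TROLL").write_bytes(b"\x00" * 16)
        (live / "docs" / "notes.txt").write_text("untouched")
        (backup / "docs" / "report.doc").write_text("clean copy")
        return triage(live, backup)


if __name__ == "__main__":
    rows, by_type = demo()
    for rel, in_backup in rows:
        print(f"{rel:30} backup={'yes' if in_backup else 'MISSING'}")
    print(dict(by_type))
```

Files reported as missing from the backup are the ones worth copying aside for testing against free decryption solutions; the script itself only reads the file system and changes nothing.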

At this time, only Windows PCs are verifiable as victims of the TROLL Ransomware. Windows users can protect themselves by scanning any downloads that may not be safe, and by using anti-malware tools for routine system scans and for deleting the TROLL Ransomware as soon as possible.

Where the TROLL Ransomware heads after Brazil is an inquiry awaiting answers from the Trojan's campaign. Readers can, however, hope that anywhere it goes will have backups and other protections in place.
