Troldesh Ransomware (.{a_princ@aol.com}.xtbl) - Videos - CheckMAL

Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

Distribution Method : Unknown

MD5 : ebcdda10fdfaa38e417d25977546df4f

Major Detection Name : Trojan-Ransom.Win32.Crusis.b (Kaspersky), Ransom_CRYPICH.G (Trend Micro)

Encrypted File Pattern : .{a_princ@aol.com}.xtbl

Malicious File Creation Location : C:\Users\%UserName%\AppData\Local\<Random>.exe

Payment Instruction File : DECPYPT FILES.txt

Major Characteristics :
- Offline Encryption
- CrySis / Phobos Ransomware series
- The Russian users are targeted.
- Changes desktop background (C:\Users\%UserName%\Documents\DECRYPT.jpg)