Russian companies were defeated by a ransomware virus

24 June 2019

Troldesh encryption virus attacked Russian companies. Lenta.ru reports, citing Group-IB, that the ransomware's mailing is not yet over.

Letters with Troldesh-virus come signed by airlines (such as Polar Zori), car dealers (such as Rolf), and allegedly from the media (RBC and other well-known). In the messages, the scammers ask to open an attached file-archive that asks for a password. The letter says something about an alleged "order" made by the user. To find out the details, it is necessary to unpack the archive and enter the password. Cybercriminals forge addresses, they have nothing to do with real companies.

Group-IB reports that during the current month, experts found more than 1.1 thousand such phishing emails. During the second quarter of 2019, the total number of messages sent with the virus exceeded six thousand.

российские компании одолел вирус-шифровальщик

The deputy head of CERT-GIB says that since the end of last year more and more often messages with a virus come on behalf of employees of companies of various specializations. Now it's not just banks, as it was before.

The darknet ransomware virus is being sold and rented out. Troldesh has changed its distribution methods and new features with each passing day.

Group-IB first detected this kind of virus activity in 2015. Experts say that by 2018, Troldesh was one of the top three most popular encryption viruses.

Along with Troldesh, the dangerous ransomware viruses are WannaCry and GangCrab.

Encryption viruses, once on your computer, encrypt data, files and photos, as well as other valuable information. The attackers demand a ransom to decrypt the documents back. This type of virus usually just blocks access to the device.