Troldesh Ransomware Going Viral – An Alarming Threat for SEO

A search engine optimizer bears many responsibilities beyond keyword research and site optimization. They also have to keep websites free of security vulnerabilities and malware. Once even a single file of a website is affected by malware, the site's ranking suffers immediately. A ransomware program is currently going viral, affecting Windows PCs and the files stored on them, such as html, php, css, psd, cdr and others. Read on to learn about this ransomware and its effects.

About Troldesh Ransomware and Its Effects

These days a ransomware program called Troldesh, also known as Encoder.858, is causing problems on Windows PCs by encrypting files. It is causing issues on Windows PCs all over the globe, but the major issues have been noticed among Russian users. According to Microsoft security researchers, it is a severe threat that can turn a PC completely useless in a short time. A few researchers have mentioned that it was first published in early 2015 and then again in mid 2016. This noxious ransomware belongs to the Win32/Troldesh family of threats. Researchers suppose that Troldesh is pushed by the Axpergle or Neclu exploit kits on compromised websites, through which it gets onto the targeted machine easily. Both of them play a leading role in its infection chain. Its author also distributes it via e-mail containing an infected attachment or link.

Source: https://blogs.technet.microsoft.com/mmpc/2015/08/09/emerging-ransomware-troldesh/

When Troldesh ransomware arrives on a PC, it creates a few files, such as %APPDATA%\windows\crsrss.exe and %TEMP%\state.tmp (a file used for encryption purposes), among others. It also changes registry entries so that it runs each time you start your machine. It then targets files that were opened recently and have extensions like .3ds, .cr2, .hta, .pptx, .vbs, .3gp, .htm, .css, .psd, .rar, .jpeg, .txt and others. It renames each encrypted file to random characters followed by =.xtbl. For example, awesome.png becomes dstagasgeteaklfaoue=.xtbl.

Image (xtbl file extension) courtesy: http://www.virusresearch.org/remove-xtbl-file-extension-ransomware/

After completing the encryption process, it drops a ransom note in every folder where it encrypted files. The note has a file name of the form README<number>.txt (for example README56458.txt) and is written in both Russian and English. The message contains instructions for getting the files back and e-mail addresses such as Vegclass@aol.com, deshifrovka@india.com, deshifrovka01@gmail.com. It also displays the ransom note as the wallpaper. To send data and receive commands, it also tries to connect to remote servers such as 131.188.40.189, 194.109.206.212, 86.59.21.38, 208.83.223.34 using ports 443 and 80. Malware researchers recommend removing Troldesh ransomware at an early stage of infection.

Source: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Troldesh
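The file names described above can be checked for across a folder of site files before anything is uploaded or restored. The following Python sketch is an added example, not part of the original article or of Microsoft's write-up; its function names and the sample folder layout are constructed for illustration, and it matches only the two naming patterns the article gives.

```python
import os
import re
import tempfile

# Patterns taken from the article's description of Troldesh artefacts.
ENCRYPTED_RE = re.compile(r"^.+=\.xtbl$", re.IGNORECASE)  # <random characters>=.xtbl
NOTE_RE = re.compile(r"^README\d+\.txt$", re.IGNORECASE)  # README<number>.txt

def scan_tree(root):
    """Walk root and return {directory: {"encrypted": [...], "notes": [...]}}
    for every directory holding at least one matching file name."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if ENCRYPTED_RE.match(f))
        notes = sorted(f for f in files if NOTE_RE.match(f))
        if encrypted or notes:
            findings[os.path.relpath(dirpath, root)] = {
                "encrypted": encrypted, "notes": notes}
    return findings

def verdict(entry):
    """Renamed files plus a note in the same folder match the article's
    description; one artefact alone is only a lead to check by hand."""
    if entry["encrypted"] and entry["notes"]:
        return "likely encrypted"
    return "review"

def build_sample_tree(root):
    """Constructed sample data: a small site folder with one affected directory."""
    layout = {
        "site": ["index.html", "style.css", "README.txt"],
        "site/img": ["dstagasgeteaklfaoue=.xtbl", "README56458.txt"],
        "site/docs": ["notes.xtbl.bak", "README1.txt"],
    }
    for folder, names in layout.items():
        path = os.path.join(root, *folder.split("/"))
        os.makedirs(path, exist_ok=True)
        for name in names:
            open(os.path.join(path, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, entry in sorted(scan_tree(tmp).items()):
            print(f"{verdict(entry):17} {folder}: {entry}")
```

Pointing `scan_tree` at a real working copy of a site lists every folder that needs attention; matching is by file name only, so a hit should be confirmed by opening the files.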

One of our active subscribers from Poland raised a question.

What is Troldesh? Can it affect my site's ranking? If it is affected, how can it be removed?

I am sure that from the post above he will get sufficient information about this threat and guidance for removing Troldesh.
