Encrypts and mines - a new attack Trojan Troldesh

The events that took place in Troldesh are massive: it was registered on November 1, 2018 (on behalf of a large bank). February was marked by a leapfrog from the brands: Troldesh pretended to be all contractors.

In 2000, mailings per day and they are continued.

Kroltolker Troldesh in this campaign not only encrypts. While you save money for decryption, you get your master crypt. The fact that we have cryptographic functions, In addition, from the infected computer, it sends itself further

A new mailing technique is used. Usually in Troldesh there is a wide list of companies in various industries - retail, wholesale, oil and gas, construction. Letters from top managers.

Unlike the early tricks of the cryptographer, the letters were written and executed correctly. Usually look like mailing banking Trojans.

In the mailing involved a fairly large-scale infrastructure. So, as a rule, the black market operates on the market, where it is easier and cheaper to use the services of someone who owns a network of hundreds and thousands of different devices controlled by him (no matter what). The owner of a botnet network, issues related to the delivery of malware.

Troldesh is a cryptographer requiring money to decrypt files. The Troldesh kryptolker encrypts files in an infected form and requires payment from the user to restore access to the information. In Group-IB it is reported that Troldesh is the most popular cryptographer lately, with the result of work on the response team, Group-IB (incident response) has been confronted in at least 7 incidents in 2018.

Source: zen.yandex.ru