Saturday, June 22, 2024

New Ransomware Attack Failed to Decrypt Files Even After Ransom Paid Due to Hackers Coding Error

A Brand new ransomware attack widely distributed and infect the users based on their geolocation by checking the infected device IP address.

Malware authors designed this ransomware to avoid encrypting files for specific countries such as Russia, Belarus, and Kazakhstan.

If the Windows users infected by this Ransomware, it tries to find the device location whether the victim belongs to Russia else if the Russia regional parameters are set in the system preferences to avoid the encryption.

Due to the Malware authors coding error, it encrypts the files regardless of the device location even the victims belongs to encryption whitelisted countries.

This ransomware discovered Trojan.Encoder.25129 by Dr.Web security experts and cybercriminals claims that victims can restore the encrypted files but their code errors make impossible to decrypting the infected files that corrupted by an encoder.

Also Read: RansomwareAttack Response and Mitigation Checklist

How does this Ransomware Attack works

This ransomware mainly distributed through Social media that contains a malicious Payload and also it distributed through network shares.

Spam Emails is another distribution medium that contains embedded links and attached malicious files that carried the payload eventually infect the victim when victims open and execute it.

Initially, it using Windows Task Manager to installs itself and start its encryption process on the specific folders.This ransomware is not capable of encrypting the files that exceed 30,000,000 bytes (about 28.6 MB).

According to D.Web report,  Once the encryption is over, the “123” value is written into the %ProgramData%\\trig file. The Trojan then sends a request to the iplogger website. The website address is hardcoded into the program’s body. The malicious program then displays a window with ransom demands.

It using AES-256 algorithm to encrypt the files later it adds “.tron”  file extension in each files the once this ransomware complete its encryption process.

cybercriminals demand differs from 0.007305 to 0.04 Btc and also this ransomware provides 10 days deadline to pay the ransom amount if the time will exceed the victims have no longer access to their files.


  • de74dd60ba3448b072f03ad80001f6a903f60b60

Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles