Friday, February 14, 2025
HomeComputer SecurityNew Ransomware Attack Failed to Decrypt Files Even After Ransom Paid Due...

New Ransomware Attack Failed to Decrypt Files Even After Ransom Paid Due to Hackers Coding Error

Published on

SIEM as a Service

Follow Us on Google News

A Brand new ransomware attack widely distributed and infect the users based on their geolocation by checking the infected device IP address.

Malware authors designed this ransomware to avoid encrypting files for specific countries such as Russia, Belarus, and Kazakhstan.

If the Windows users infected by this Ransomware, it tries to find the device location whether the victim belongs to Russia else if the Russia regional parameters are set in the system preferences to avoid the encryption.

Due to the Malware authors coding error, it encrypts the files regardless of the device location even the victims belongs to encryption whitelisted countries.

This ransomware discovered Trojan.Encoder.25129 by Dr.Web security experts and cybercriminals claims that victims can restore the encrypted files but their code errors make impossible to decrypting the infected files that corrupted by an encoder.

Also Read: RansomwareAttack Response and Mitigation Checklist

How does this Ransomware Attack works

This ransomware mainly distributed through Social media that contains a malicious Payload and also it distributed through network shares.

Spam Emails is another distribution medium that contains embedded links and attached malicious files that carried the payload eventually infect the victim when victims open and execute it.

Initially, it using Windows Task Manager to installs itself and start its encryption process on the specific folders.This ransomware is not capable of encrypting the files that exceed 30,000,000 bytes (about 28.6 MB).

According to D.Web report,  Once the encryption is over, the “123” value is written into the %ProgramData%\\trig file. The Trojan then sends a request to the iplogger website. The website address is hardcoded into the program’s body. The malicious program then displays a window with ransom demands.

It using AES-256 algorithm to encrypt the files later it adds “.tron”  file extension in each files the once this ransomware complete its encryption process.

cybercriminals demand differs from 0.007305 to 0.04 Btc and also this ransomware provides 10 days deadline to pay the ransom amount if the time will exceed the victims have no longer access to their files.

IOC – SHA1:

  • de74dd60ba3448b072f03ad80001f6a903f60b60
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

WinZip Vulnerability Allows Remote Attackers to Execute Arbitrary Code

A newly discovered vulnerability in WinZip, a popular file compression and archiving utility, has...

New Microsoft Windows GUI 0-Day Vulnerability Actively Exploited in the Wild

A newly discovered vulnerability in Microsoft Windows, identified by ClearSky Cyber Security, is reportedly...

Burp Suite Professional / Community 2025.2 Released With New Built-in AI Integration

PortSwigger has announced the release of Burp Suite Professional and Community Edition 2025.2, introducing...

Arbitrary File Upload Vulnerability in WordPress Plugin Let Attackers Hack 30,000 Website

A subgroup of the Russian state-sponsored hacking group Seashell Blizzard, also known as Sandworm,...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Palo Alto Firewall Flaw Exploited in RA World Ransomware Attacks

A recent ransomware attack leveraging a vulnerability in Palo Alto Networks' PAN-OS firewall software...

ZeroLogon Ransomware Exploits Windows AD to Hijack Domain Controller Access

A newly intensified wave of ransomware attacks has surfaced, leveraging the infamous ZeroLogon vulnerability...

Cl0p Ransomware Hide Itself on Compromised Networks After Exfiltrate the Data

The Cl0p ransomware group, a prominent player in the cybercrime landscape since 2019, has...