Troldesh is ransomware that infiltrates your computer via an infected email, encrypts your files and demands payment in exchange for a decryption code. What is unusual about this virus, however, is that a security researcher succeeded in bargaining down the ransom fee with the hacker who created Troldesh.
How Does Troldesh Ransomware Work?
Troldesh is also known as Encoder.858 or Shade. Once inside your system, it automatically locks your files and adds the extension .xbtl to each encrypted file.
Unlike other ransomware programs that display a warning message the minute they get activated on your system, Troldesh generates a message with instructions only after you try to open any of your encrypted files.
The message usually tells you that your files are not available until you pay the required amount. Paying the ransom, however, is not the solution. There are reported cases in which the ransom was paid but the victim never received a decryption code, or the files were temporarily unlocked and soon afterwards the victim received the same warning: that their files are blocked and a payment is required.
Troldesh Hacker Open to Negotiations
Soon after Troldesh gained popularity, Natalia Kolesova, a Russian anti-bot analyst at Check Point, managed to initiate contact with the Russian hacker behind Troldesh.
The ransom fee she was asked to pay was €250. However, she wrote an email to the provided email address and pleaded for a discount. To her surprise, the hacker was open to a discussion and replied.
“By the end of our correspondence, I managed to get a discount of 50 percent,” Kolesova said. “Perhaps if I had continued bargaining, I could have gotten an even bigger discount.”
How to Remove Troldesh without Paying the Ransom
The best way to stay safe against any type of threat is to have your files backed up and to have a powerful anti-malware tool installed.
If your system has already been infected by Troldesh, however, you can still remove it and have your files decrypted without paying the ransom. Simply download a trustworthy anti-virus program that will perform a full system scan, detect the infection and remove it permanently for you.
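To scope the damage before restoring from backup, the following added example (not part of the original article) counts files carrying the .xbtl extension per directory and lists the backed-up files that are no longer present at their original path. The directory layout, file names and function names are constructed for illustration, and it assumes the backup mirrors the live folder structure.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".xbtl"  # extension the article says Troldesh appends


def scope_damage(live_root, backup_root):
    """Return ({directory: encrypted file count}, [backup files to restore])."""
    live_root, backup_root = Path(live_root), Path(backup_root)
    # 1. Where did the ransomware leave encrypted files?
    encrypted = Counter()
    for dirpath, _dirs, files in os.walk(live_root):
        rel_dir = Path(dirpath).relative_to(live_root).as_posix()
        for name in files:
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                encrypted[rel_dir] += 1
    # 2. Which backed-up files no longer exist under their original path?
    #    Assumption: encrypted files may have been renamed, so the backup is
    #    compared by path instead of guessing names from the .xbtl files.
    restore = []
    for dirpath, _dirs, files in os.walk(backup_root):
        rel_dir = Path(dirpath).relative_to(backup_root)
        for name in files:
            rel = rel_dir / name
            if not (live_root / rel).is_file():
                restore.append(rel.as_posix())
    return dict(encrypted), sorted(restore)


def build_demo(root):
    """Create a small constructed live/backup tree for the demonstration."""
    files = ["live/docs/report.docx.xbtl", "live/docs/notes.txt",
             "live/photos/QmFzZTY0.XBTL", "backup/docs/report.docx",
             "backup/docs/notes.txt", "backup/photos/cat.jpg"]
    for rel in files:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample data")
    return Path(root) / "live", Path(root) / "backup"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scope_damage(*build_demo(tmp)))
```

Run the inventory only after the infection has been removed, so that restored files are not encrypted again.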