Tron ransomware is a newly discovered cryptovirological strain that targets English-speaking users. According to initial investigations, the variant belongs to the Dharma ransomware family. Dharma has been an active ransomware strain since 2016 and has inflicted considerable damage on users across the globe.
Tron, like other variants of Dharma, uses an advanced encryption module to lock the files on the affected device. A long extension containing the attacker’s ID and the word ‘Tron’ is then appended to each encrypted file.
A unique ransom note
In most ransomware attacks, the ransom note appears on the desktop or in every folder as a text or HTML file. Tron's operators have taken a different approach to displaying the ransom note. Instead of finding the note in a separate file, affected users are redirected to a window of instructions whenever they click on an encrypted file.
These instructions ask the targeted users to contact the operators for ransomware removal within 10 days of the attack. The attackers also warn that affected users won’t be able to recover their encrypted data once this deadline expires. Moreover, they demand 0.05 Bitcoin, which is equal to $400 at the current exchange rate, to provide the decryption key for ransomware removal. They also guide victims on how to purchase Bitcoin.
Dharma attacks are on the rise
Cybersecurity experts have seen a sudden rise in Dharma ransomware activity this fall. In the last 3 months, five Dharma variants have been discovered. Apart from Tron, the recently discovered Dharma variants are Gamma, Xxxxx, Brr and Audit ransomware.
Security experts and law enforcement entities always advise against engaging with the perpetrators for ransomware removal. The best way to deal with ransomware attacks is to maintain data backups and seek expert professional assistance.