Group-IB Registers New Wave Of Troldesh Ransomware Attacks Against Russian Business

(@ChaudhryMAli88)

MOSCOW (UrduPoint News / Sputnik - 24th June, 2019) International cybersecurity company Group-IB said on Monday that it had registered a new wave of phishing attacks involving the Troldesh encryption virus on Russian companies in the second quarter of 2019, with the number of attacks in the past three months already exceeding that of the same period last year.

The previous wave of Troldesh attacks was registered in March. The malware, first detected by the company in 2015, encrypts files on a recipient's device and demands ransom in exchange for restored access to the data.

"Group-IB has registered new large-scale attacks by the Troldesh (Shade) encryption virus on Russian companies. Hackers send letters on behalf of employees of large airlines, car dealerships and media. In June alone, Group-IB discovered more than 1,100 phishing emails containing Troldesh. In total, their number exceeded 6,000 in the second quarter of 2019," the company said in a press release.

According to Group-IB, there were 2.5 times as many Troldesh attacks in the second quarter alone as there were in the whole of 2018, and the month of June has already seen an unprecedented number of phishing attacks.

"Recent Troldesh campaigns have shown that now, [the malware] not only encrypts files but also mines cryptocurrency and generates traffic to websites to increase traffic and income from online advertising," the press release added.

In these attacks, hackers pretending to be employees of various well-known companies send e-mails asking recipients to open the attached file, which allegedly has details of an order but in fact contains malware, Group-IB said.