With so many different types of ransomware making the rounds, it becomes pretty difficult to know everything that is going on. In the case of Troll ransomware, there is not much to know. It successfully encrypts every single file on one’s PC or connected drives, including the entire Windows folder. This toolkit is not designed as ransomware per se, but more of a cyber warfare tool.
What is the Deal with Troll Ransomware?
Cybercriminals often come up with new and creative ways to make ransomware an even bigger threat than it used to be. Data wipers are one of the factors to contend with right now. These tools do not just encrypt all files on one’s computer; they also remove any data stored within those files, rendering them useless. Troll ransomware is taking a slightly different approach, although it will prove very difficult to get rid of this malicious software.
There appears to be some confusion as to how Troll ransomware is spreading right now. Some sources claim the malware is advertised as a fake video player for desktop computers. It is a bit unclear if that is Troll’s only method of distribution. There is no guarantee that the malware will only infect computers; it may very well be modified to attack mobile devices as well. Only time will tell how this situation evolves in the coming weeks and months.
One thing we do know about Troll ransomware is how incredibly annoying it is to get rid of once it infects your computer. In fact, it may even be impossible to do so, considering that the malware encrypts every single file on it. It will attack removable drives and additional installed hard drives as well, which is quite a troublesome development. There is no indication Troll will affect network drives as well, but it makes sense to think it would do exactly that.
Trollish #Ransomware pretends to be video/player but (weakly) encrypts all files on C: to G: (random byte xored w/ each byte in files) pic.twitter.com/rZKpdRsRMH
— Microsoft MMPC (@msftmmpc) August 28, 2017
It is rather uncommon to see a new type of ransomware encrypt every single file on affected devices, as there is no reason to do so. In most cases, ransomware strains ignore certain directories, including the Windows and Program Files folders, to ensure the computer remains operational for the foreseeable future. This is especially necessary if the criminals expect to receive a Bitcoin payment for their efforts. That does not appear to be the objective of the Troll ransomware developers at this point.
In a way, one could argue Troll is designed to be a cyber war weapon rather than traditional ransomware. Even though it does encrypt files – albeit very weakly – there is no intention of letting owners restore their information in the future. Instead, it seems this malware type is a tool to prevent computers from operating altogether. This only fuels the speculation as to how it could also be used to successfully brick IoT and mobile devices in the future.
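The "random byte xored w/ each byte in files" scheme in the tweet quoted above is why the encryption counts as weak; the following added example (not from the article or from Microsoft) shows known-plaintext key recovery from a file's format signature. It assumes one key byte is reused for the whole file, which the page does not confirm, and the `MAGIC` table and function names are the example's own.

```python
# Added example: known-plaintext recovery of a one-byte XOR key.
# Assumption: a single key byte is reused for the whole file.

# Leading signature bytes of common formats, longest first.
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",  # also docx/xlsx/pptx containers
    "gif": b"GIF8",
    "jpeg": b"\xff\xd8\xff",
}


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with key, via a 256-entry lookup table."""
    return data.translate(bytes(i ^ key for i in range(256)))


def recover_key(header: bytes):
    """Return (key, format) when one byte value maps header onto a known
    signature, else None. key == 0 means the file was never XORed."""
    for fmt, magic in MAGIC.items():
        if len(header) < len(magic):
            continue
        key = header[0] ^ magic[0]  # the only key that fixes byte 0
        if xor_bytes(header[:len(magic)], key) == magic:
            return key, fmt
    return None


def decrypt_blob(blob: bytes):
    """Return (key, format, plaintext), or None if no signature fits."""
    found = recover_key(blob[:16])
    if found is None:
        return None  # unknown format, or not a repeating one-byte XOR
    key, fmt = found
    return key, fmt, xor_bytes(blob, key)


if __name__ == "__main__":
    # Constructed sample: a tiny PDF-like buffer XORed with 0xA7.
    plain = b"%PDF-1.7\n% constructed sample body\n"
    damaged = xor_bytes(plain, 0xA7)
    key, fmt, restored = decrypt_blob(damaged)
    print(f"key=0x{key:02x} format={fmt} restored_ok={restored == plain}")
```

Run recovery attempts against copies or a disk image of the affected drive, and confirm a restored file opens before replacing anything.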
It is not surprising to see these types of tools, as a new type of malware has recently emerged. Data wipers are slowly becoming more popular, indicating some cybercriminals are looking to brick devices rather than collect payments. It is a very disturbing development in the world of malware and ransomware, to say the least. It is certainly possible we will see similar malware moving forward.