The users who are interested in the cyber security may have heard about the virus, called the TrueCrypt. This ransomware-type virus has been encrypting the data and extorting money for a while, but lately, it seems to have disappeared. It may seem like some great news. Unfortunately, there is nothing to be happy about. Apparently, TrueCrypt has simply evolved, changed its name to TrueCrypter and continues to ravage through the victims’ computers with an increased force.
What has not changed, though, is the way this ransomware spreads. Just like its previous version, TrueCrypter is distributed via spam emails and can be downloaded as a legitimate-looking attachment file. Once the malicious attachment is opened, the virus activates itself and starts encrypting files, using the AES-256 algorithm. After the encryption all of the photo, video files, archives and other documents on the infected computer become inaccessible. The encrypted content can be recognized from the .enc extension instead of the regular ones. After the TrueCrypter finishes its dirty work, it demands the victim to pay ~$910 USD in BitCoins or $115 USD in Amazon gift cards. It is interesting that the cyber criminals ask the victims to pay in gift cards as they are not anonymous. Thus, the receiver can easily be tracked. Nevertheless, it is not the only error of this program.
Luckily for the computer users, the files locked by TrueCrypter can also be easily decrypted. In fact, clicking the “Pay” button is all that takes to have your files back. After clicking “Pay”, the virus immediately connects to Command/Control center from which it downloads the decryption key. Then, the files on the computer are decrypted, and the virus eliminates itself from the system. If the virus fails to contact the Command/Control center, the virus will still deletes itself from the computer, but the files will remain locked. Therefore, it is recommended to make a backup of your files before you try recovering then this way. Because of the mentioned shortcomings, the security experts presume that this program is not a work of professional malware developers but rather an experimental creation by some amateur hackers. Either way, its is not a pleasant experience to be dealing with such viruses, so, you should protect your system before one of them hits.