Security researchers at Sucuri have found that a new variant of the Troldesh ransomware has been spreading more widely over the past couple of weeks, with the malicious payload hosted on compromised websites. The threat actors lure victims to these malicious URLs through links sent by email and in messages on social media platforms.
The researchers also noted that the attackers use at least two malicious URLs on different compromised websites, so that if one of them is taken down or stops working, the other continues to deliver the payload. In practice this means that blocking or reporting a single URL does not stop the campaign; every URL in the lure has to be treated as an indicator.
If the antivirus product on the victim's computer fails to detect either the malicious file hosted on the compromised site or the ransomware executable it drops, the ransomware proceeds to encrypt the files on the machine.
The threat actor also provides a .onion (Tor hidden service) URL as an alternative means of contact in case the email address given to victims stops working, so that shutting down or reporting the mailbox alone does not cut off communication with the attacker. According to the researchers, this fallback channel is new in the latest Troldesh variant.
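The email-plus-Tor contact pattern described above is something an incident responder usually has to pull out of a ransom note by hand. The following Python snippet is an added example and not code from Sucuri or from the article: it extracts email addresses and .onion hostnames from note text, rejects strings that only look like onion names (valid v2 names are 16 base32 characters, v3 names are 56), and flags when both channels are present. The sample note, its email address and its onion names are constructed placeholders, not real indicators, and the assumption that the contact details appear in a ransom note is mine.

```python
import re
from dataclasses import dataclass, field

# Valid .onion names are exactly 16 (v2) or 56 (v3) base32 characters.
# Anything of another length is not a usable hidden-service address and is
# deliberately not reported, to keep junk out of blocklists.
ONION_RE = re.compile(r"\b([a-z2-7]{56}|[a-z2-7]{16})\.onion\b", re.IGNORECASE)
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")

# Constructed sample ransom note for this example only; the address and the
# onion names are made up and are not indicators from any real campaign.
SAMPLE_NOTE = """Your files are encrypted.
Write to Decrypt-Help@example.com to get your key.
If the mailbox does not answer within 48 hours, open this in Tor Browser:
http://abcdefghijklmnop.onion/contact
http://abcdefghijklmnopqrstuvwxyz234567abcdefghijklmnopqrstuvwx.onion
(the link http://bogus.onion is not a valid onion name and must be ignored)
"""


@dataclass
class RansomNoteContacts:
    """Contact channels recovered from a ransom note, in order of appearance."""
    emails: list = field(default_factory=list)
    onion_hosts: list = field(default_factory=list)

    @property
    def has_tor_fallback(self) -> bool:
        # An onion channel alongside an email address means the actor keeps a
        # contact path even if the mailbox is reported and shut down.
        return bool(self.emails) and bool(self.onion_hosts)

    def indicators(self) -> list:
        """Flat list of 'type:value' strings suitable for a blocklist feed."""
        return [f"email:{e}" for e in self.emails] + [
            f"domain:{h}" for h in self.onion_hosts
        ]


def _dedupe(items):
    """Drop repeats while keeping first-seen order."""
    seen = set()
    out = []
    for item in items:
        if item not in seen:
            seen.add(item)
            out.append(item)
    return out


def extract_contacts(note: str) -> RansomNoteContacts:
    """Parse a ransom note and return normalised (lower-cased) contact channels."""
    emails = _dedupe(m.group(0).lower() for m in EMAIL_RE.finditer(note))
    onions = _dedupe(m.group(0).lower() for m in ONION_RE.finditer(note))
    return RansomNoteContacts(emails=emails, onion_hosts=onions)


if __name__ == "__main__":
    contacts = extract_contacts(SAMPLE_NOTE)
    for ioc in contacts.indicators():
        print(ioc)
    print("tor fallback present:", contacts.has_tor_fallback)
```

Run against the sample note, the extractor reports one email address and two onion hosts, ignores the too-short `bogus.onion`, and reports that a Tor fallback is present; feed the resulting indicators to both your mail gateway and your proxy or DNS blocklist, since blocking only one of the two channels leaves the other open.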