LostTrust Ransomware Targets Businesses

We came across a ransomware variant known as LostTrust during our examination of malware samples. LostTrust's primary objective is to encrypt data, rendering it inaccessible to victims. Additionally, LostTrust appends the ".losttrustencoded" extension to filenames and delivers a ransom note labeled "!LostTrustEncoded.txt."

To illustrate how LostTrust alters filenames, it transforms "1.jpg" into "1.jpg.losttrustencoded," "2.png" into "2.png.losttrustencoded," and so on.
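
The following added example is not from the original article. It uses the two filename indicators described above (the ".losttrustencoded" extension and the "!LostTrustEncoded.txt" note) to scope affected directories during incident response and to map each renamed file back to its original name. The function names and report layout are assumptions made for illustration.

```python
import os
from collections import Counter

# Indicators taken from the article text.
ENCRYPTED_SUFFIX = ".losttrustencoded"
RANSOM_NOTE = "!LostTrustEncoded.txt"


def original_name(filename):
    """Return the pre-encryption name, or None if the suffix is absent."""
    lowered = filename.lower()
    # A file named exactly like the suffix has no original name to recover.
    if lowered.endswith(ENCRYPTED_SUFFIX) and len(filename) > len(ENCRYPTED_SUFFIX):
        return filename[: -len(ENCRYPTED_SUFFIX)]
    return None


def scan(root):
    """Walk root and collect LostTrust filename indicators for incident scoping."""
    notes, renamed, unreadable = [], {}, []
    per_dir = Counter()
    # onerror records directories that could not be listed, so gaps in
    # coverage show up in the report instead of being skipped silently.
    walker = os.walk(root, onerror=lambda err: unreadable.append(err.filename))
    for dirpath, _dirs, files in walker:
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE.lower():
                notes.append(path)
                continue
            orig = original_name(name)
            if orig is not None:
                renamed[path] = os.path.join(dirpath, orig)
                per_dir[dirpath] += 1
    return {
        "ransom_notes": sorted(notes),
        "renamed_files": renamed,          # current path -> original path
        "files_per_directory": dict(per_dir),
        "unreadable": unreadable,
    }


if __name__ == "__main__":
    import json
    import sys
    print(json.dumps(scan(sys.argv[1] if len(sys.argv) > 1 else "."), indent=2))
```

Run it read-only against a mounted image or backup snapshot; the per-directory counts show which shares were reached, and the path mapping feeds a restore checklist.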

The note states that the attackers have obtained a substantial amount of critical data from the victim's network and offers to provide a detailed list of the compromised files upon request. They also promise to decrypt a few files for free, as long as each file is no larger than 5 megabytes.

The note assures that payment will result in the successful decryption of all data and the disclosure of the vulnerabilities used to infiltrate the network.

Furthermore, it outlines potential repercussions for non-cooperation, which include the public release or sale of the stolen data, ongoing cyberattacks, targeting of partners and suppliers, and the possibility of legal actions for data breaches. The note provides instructions for contacting the attackers through the Tor browser, live chat on their website, or a VPN if Tor is restricted in the victim's area.

In the note, cybercriminals establish a three-day deadline for initiating contact and caution that the decryption keys will be permanently destroyed if no communication takes place. They also threaten to publish the victim's data if third-party negotiators are engaged.

LostTrust Ransom Note Indicates Hackers Target Businesses

The full text of the LostTrust ransom note reads as follows:

To the board of directors.

Your network has been attacked through various vulnerabilities found in your system.
We have gained full access to the entire network infrastructure.

Our team has an extensive background in legal and so called white hat hacking.
However, clients usually considered the found vulnerabilities to be minor and poorly
paid for our services.
So we decided to change our business model. Now you understand how important it is
to allocate a good budget for IT security.
This is serious business for us and we really don't want to ruin your privacy,
reputation and a company.
We just want to get paid for our work whist finding vulnerabilities in various networks.

Your files are currently encrypted with our tailor made state of the art algorithm.
Don't try to terminate unknown processes, don't shutdown the servers, do not unplug drives,
all this can lead to partial or complete data loss.

We have also managed to download a large amount of various, crucial data from your network.
A complete list of files and samples will be provided upon request.

We can decrypt a couple of files for free. The size of each file must be no more than 5 megabytes.

All your data will be successfully decrypted immediately after your payment.
You will also receive a detailed list of vulnerabilities used to gain access to your network.

If you refuse to cooperate with us, it will lead to the following consequences for your company:

  1. All data downloaded from your network will be published for free or even sold
  2. Your system will be re-attacked continuously, now that we know all your weak spots
  3. We will also attack your partners and suppliers using info obtained from your network
  4. It can lead to legal actions against you for data breaches

!!!!Instructions for contacting our team!!!!
Download and install TOR browser from this site : hxxps://torproject.org
For contact us via LIVE CHAT open our website : -
If Tor is restricted in your area, use VPN
All your Data will be published in 3 Days if NO contact made
Your Decryption keys will be permanently destroyed in 3 Days if no contact made
Your Data will be published if you will hire third-party negotiators to contact us

How is Ransomware Like LostTrust Distributed Online?

Ransomware like LostTrust is typically distributed online using various methods and techniques. Cybercriminals employ a range of strategies to infect victims' systems with this type of malware:

  • Phishing Emails: One of the most common distribution methods involves sending malicious emails that appear legitimate. These emails may contain infected attachments (e.g., Word documents or PDFs) or links to malicious websites. Once the victim opens the attachment or clicks the link, the ransomware payload is downloaded and executed on their system.
  • Malicious Downloads: Cybercriminals may create fake websites or compromise legitimate ones to host malicious software. Victims may unknowingly download the ransomware when they visit these sites or click on malicious advertisements.
  • Exploit Kits: Exploit kits are toolkits that contain exploits for known vulnerabilities in software and browsers. Cybercriminals use these kits to automatically infect systems that have not been patched or updated with the latest security fixes. Once the system is compromised, the ransomware is delivered.
  • Drive-by Downloads: This method involves infecting websites with malicious code. When a user visits an infected website, the ransomware is automatically downloaded and executed on their computer without any action required on the user's part.
  • Malvertising: Cybercriminals may compromise online advertising networks and display malicious advertisements (malvertisements) on legitimate websites. Clicking on these malicious ads can lead to ransomware infections.
  • Remote Desktop Protocol (RDP) Attacks: Attackers may exploit weak or default RDP credentials to gain unauthorized access to a victim's system. Once inside, they can manually install ransomware.
  • Watering Hole Attacks: In this method, cybercriminals target websites that are frequently visited by their intended victims. They compromise these sites to deliver ransomware to visitors who trust the site's content.
  • Social Engineering: Cybercriminals may use social engineering tactics to trick users into downloading and executing ransomware. For example, they might pose as technical support personnel or employ scare tactics to convince victims to install malicious software.
September 27, 2023