New variant of Troldesh Ransomware targets victims via compromised website URLs


The newer variant initially downloads a JavaScript host file, which, when executed, downloads the actual ransomware file.
The threat actors use TOR for data transmission and communication with victims, and two malicious URLs for ransomware file delivery.

A new variant of the Troldesh ransomware has been on the rise over the past couple of weeks and is spreading via compromised websites. The threat actors involved in spreading the malware trick victims into visiting malicious URLs by sending emails and messages on social media platforms.


How is the malware delivered?


According to security researchers from