TrueCrypter targets Windows; its distribution method is currently unknown. Once installed, it checks whether it is running within a sandbox or virtual machine. It also checks for security software processes and terminates any it detects. It encrypts files using AES-256 and stores the generated key at the end of each file. It also deletes Volume Shadow Copies to prevent file restoration. Files encrypted by TrueCrypter carry the .enc file extension. It demands a ransom payment of 0.2 Bitcoin or $115 USD paid via Amazon gift cards. This variant, however, is poorly written: merely clicking the “Pay” button without submitting payment will begin the decryption process. Once the files are decrypted, TrueCrypter removes itself from the infected machine.
- Bleeping Computer provides more information about TrueCrypter here.
- To decrypt files encrypted by TrueCrypter, click on the “Pay” button without submitting payment.