ThreatSTOP Blog

XTBL Ransomware aka Shade and Troldesh

Written by threatstopbme | April 11, 2016

XTBL Ransomware, also known as Shade and Troldesh, is a crypto-ransomware variant originally created in Russia and used in attacks all over the world. XTBL encrypts a user’s files with an “.xtbl” extension, and is mainly spread via spam e-mails.

While most ransomware attackers go to great efforts to hide themselves, often using TOR, XTBL's creators provide their victims with an e-mail address, which they use to communicate a demand for ransom and dictate a payment method.

ThreatSTOP customers are protected from XTBL.