IT security researchers discovered a new variant of Merosa@india.com ransomware, which named Tronas ransomware. It appends the .tronas file extension to encrypted file names. Read below a brief summary of information related to this ransomware and how to restore or decrypt .tronas files for free.
Tronas ransomware uses a strong encryption algorithm with long key. The virus will encrypt almost all types of files, including common as:
.wbd, .srw, .xlsb, .qdf, .kf, .apk, .t13, .xpm, .wri, .1, .esm, .bik, .xml, .ppt, .wpl, .syncdb, .wn, .vcf, .csv, .zip, .iwd, .sav, .xmmap, .m2, .itm, .cas, .zdc, .docx, .x3d, .vtf, .pdd, .vpk, .ztmp, .lrf, .png, .wotreplay, .wbc, .wgz, .der, .jpe, .x3f, .webp, .rgss3a, .mdbackup, .hplg, .wpd, .wdp, .hvpl, .cfr, .wps, .arch00, .sis, .xdb, .3dm, .wcf, .odt, .ws, .pst, .psd, .rtf, .upk, .wb2, .wps, .vpp_pc, .big, .xbdoc, .ai, .kdb, .vfs0, .xyw, .7z, .flv, .dwg, .wmd, .m4a, .crt, .wma, .lbf, .zabw, .wmv, .ptx, .r3d, .wsh, .raw, .cdr, .d3dbsp, .wsc, .fpk, .sidd, .cr2, .xlsx, .orf, .xf, .w3x, .xll, .z, .das, .wp5, .xy3, .dbf, .pem, .p7c, .epk, .sum, .xyp, .blob, .1st, .xmind, .icxs, .zi, .z3d, .pak, .wsd, .ysp, .yml, .wpd, .pfx, .xls, .lvl, .xlk, .ibank, .bsa, .pdf, .fsh, .menu, .mrwref, .xxx, .dmp, .slm, .dng, .mov, .bar, .zif, .svg, .snx, .wmo, .zw, .mpqge, .yal, .jpeg, .css, .rim, .asset, .m3u, .sidn, .arw, .xlsm, .zip, .erf, .wbz, .ybk, .sie, .jpg, .hkdb, .xwp, .wpa, .xar, .ncf, .t12, .dxg, .mcmeta, .0, .pptm, .wpe, .rw2, .odb, .zdb, .xlsm, .xx, .dba, .accdb, .xlsx, .forge, .wma, wallet, .mdb, .map, .iwi, .sr2, .wpt, .ltx, .docm, .wpw, .wire, .xls, .rb, .avi, .gho, .x3f, .xdl, .odp, .wp6, .p7b, .cer, .fos, .bkf, .ff, .wp, .odm, .dcr, .itdb, .rofl, .wbm, .pkpass, .dazip, .wpg, .re4, .3ds, .xld, .odc, .mddata, .raf, .qic, .sb, .sql, .litemod, .p12, .mp4, .wp7, .wm, .x, .nrw, .mlx, .xlgc, .wmv, .js, .wot, .bkp, .indd, .txt, .vdf, .sid, .y, .wmf, .doc
Once a file is encrypted, its extension replaced to .tronas. Next, the virus creates a file named ‘_open_.txt’. This file contain a note on how to decrypt all encrypted photos, documents and music. An example of the ransom demanding message is:
ATTENTION! Don't worry my friend, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-hK4tAv2Ed9 Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: firstname.lastname@example.org Reserve e-mail address to contact us: email@example.com Your personal ID:
We suggest you remove .Tronas ransomware virus ASAP, until the presence of the ransomware virus has not led to even worse consequences. You need to follow the tutorial below that will help you to completely remove ransomware from your personal computer as well as recover (decrypt) .tronas files, using only few free utilities.
- How to remove .Tronas ransomware virus
- How to decrypt .tronas files
- Use STOPDecrypter to decrypt .tronas files
- How to restore .tronas files
- How to protect your personal computer from .Tronas ransomware?
- To sum up
How to remove .Tronas ransomware virus
In order to remove .Tronas ransomware from your PC, you need to stop all ransomware virus processes and delete its associated files including Windows registry entries. If any virus components are left on the computer, the virus can reinstall itself the next time the PC system boots up. Usually ransomware viruses uses random name consist of characters and numbers that makes a manual removal procedure very difficult. We recommend you to use free ransomware removal utilities which will help delete Tronas ransomware virus from your PC system. Below you can found a few popular malware removers that detects various ransomware.
Remove .Tronas ransomware virus with Zemana Anti-malware
Zemana Anti-malware is a utility that can remove viruses, adware, ransomware, trojans and other malware from your computer easily and for free. Zemana Anti-malware is compatible with most antivirus software. It works under Windows (10 – XP, 32 and 64 bit) and uses minimum of computer resources.
Visit the page linked below to download the latest version of Zemana Anti-Malware for Windows. Save it on your MS Windows desktop or in any other place.
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
After the download is finished, start it and follow the prompts. Once installed, the Zemana Anti Malware will try to update itself and when this task is done, click the “Scan” button . Zemana AntiMalware (ZAM) utility will begin scanning the whole personal computer to find out the .Tronas ransomware virus and other malware.
This task can take some time, so please be patient. While the Zemana Anti-Malware (ZAM) is scanning, you can see how many objects it has identified either as being malicious software. In order to remove all items, simply click “Next” button.
The Zemana Anti-Malware (ZAM) will remove .Tronas ransomware virus related files, folders and registry keys and add threats to the Quarantine.
Remove Tronas ransomware virus with MalwareBytes
We suggest using the MalwareBytes Free which are fully clean your PC system of the ransomware. This free tool is an advanced malicious software removal program designed by (c) Malwarebytes lab. This program uses the world’s most popular anti-malware technology. It’s able to help you remove ransomware, malware, adware, worms, trojans, and other security threats from your personal computer for free.
- MalwareBytes Anti Malware can be downloaded from the following link. Save it on your MS Windows desktop or in any other place.
Category: Security tools
Update: April 15, 2020
- At the download page, click on the Download button. Your internet browser will open the “Save as” prompt. Please save it onto your Windows desktop.
- Once the downloading process is finished, please close all programs and open windows on your personal computer. Double-click on the icon that’s called mb3-setup.
- This will open the “Setup wizard” of MalwareBytes Free onto your computer. Follow the prompts and do not make any changes to default settings.
- When the Setup wizard has finished installing, the MalwareBytes Free will open and display the main window.
- Further, press the “Scan Now” button to perform a system scan with this tool for the Tronas ransomware and other security threats. While the MalwareBytes is scanning, you can see how many objects it has identified either as being malicious software.
- Once MalwareBytes Anti Malware (MBAM) has completed scanning your computer, a list of all items found is prepared.
- Review the report and then click the “Quarantine Selected” button. After the clean-up is finished, you may be prompted to reboot the machine.
- Close the AntiMalware and continue with the next step.
Video instruction, which reveals in detail the steps above.
Delete .Tronas ransomware virus with KVRT
KVRT is a free portable application that scans your PC system for malware, trojans, worms and ransomware viruses like the .Tronas ransomware and helps remove them easily. Moreover, it will also allow you remove any malicious browser extensions and add-ons.
Download Kaspersky virus removal tool (KVRT) from the link below.
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
Once downloading is finished, double-click on the KVRT icon. Once initialization process is finished, you will see the Kaspersky virus removal tool screen as shown below.
Click Change Parameters and set a check near all your drives. Press OK to close the Parameters window. Next press Start scan button for scanning your machine for the .Tronas ransomware virus and other trojans and harmful programs. This process can take quite a while, so please be patient. When a threat is detected, the number of the security threats will change accordingly. Wait until the the scanning is done.
When KVRT has completed scanning your system, you will be opened the list of all found threats on your personal computer as displayed in the following example.
Once you’ve selected what you want to remove from your computer click on Continue to begin a cleaning task.
How to decrypt .tronas files
The .Tronas ransomware virus uses strong encryption method. What does it mean to decrypt the files is impossible without the private key. Use a “brute forcing” is also not a way because of the big length of the key. Therefore, unfortunately, the only payment to the authors of the .Tronas ransomware virus entire amount requested – the only way to try to get the decryption key and decrypt all your files.
Never pay the ransom! You might feel that you have no other choice but to pay up and decrypt .tronas files quickly. There is no guarantee that the authors of the Tronas ransomware will live up to the word and give back your files.
Use STOPDecrypter to decrypt .tronas files
Michael Gillespie (@) released a free decryption tool named STOPDecrypter (download from download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip).
STOPDecrypter has been updated to include decryption support for the following .djvu* variants (.djvu, .djvuu, .udjvu, .djvuq, .djvur, .djvut, .pdff, .tro, .tfude, .tfudeq, .tfudet, .rumba, .adobe, .adobee, .blower, .promos. STOPDecrypter will work for any extension of the Djvu* variants including new extensions (.tronas).
Please check the twitter post for more info.
How to restore .tronas files
In some cases, you can recover files encrypted by .Tronas ransomware. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted files.
Use shadow copies to recover .tronas files
In some cases, you have a chance to recover your files that were encrypted by the .Tronas ransomware. This is possible due to the use of the tool called ShadowExplorer. It is a free program which created to obtain ‘shadow copies’ of files.
ShadowExplorer can be downloaded from the following link. Save it directly to your Microsoft Windows Desktop.
Category: Security tools
Update: September 15, 2019
Once downloading is complete, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder as shown in the figure below.
Start the ShadowExplorer utility and then choose the disk (1) and the date (2) that you wish to restore the shadow copy of file(s) encrypted by the .Tronas ransomware virus as displayed in the following example.
Now navigate to the file or folder that you wish to recover. When ready right-click on it and click ‘Export’ button as shown in the figure below.
Use PhotoRec to restore .tronas files
Before a file is encrypted, the .Tronas ransomware virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to recover your documents, photos and music using file restore apps such as PhotoRec.
Download PhotoRec on your MS Windows Desktop from the following link.
Category: Security tools
Update: March 1, 2018
Once downloading is done, open a directory in which you saved it. Right click to testdisk-7.0.win and select Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as displayed below.
Double click on qphotorec_win to run PhotoRec for Microsoft Windows. It will show a screen as displayed in the figure below.
Choose a drive to recover as shown on the image below.
You will see a list of available partitions. Select a partition that holds encrypted documents, photos and music as displayed in the figure below.
Click File Formats button and select file types to restore. You can to enable or disable the restore of certain file types. When this is finished, press OK button.
Next, click Browse button to choose where restored personal files should be written, then click Search.
Count of restored files is updated in real time. All restored photos, documents and music are written in a folder that you have chosen on the previous step. You can to access the files even if the recovery process is not finished.
When the recovery is complete, click on Quit button. Next, open the directory where restored documents, photos and music are stored. You will see a contents as shown on the screen below.
All recovered files are written in recup_dir.1, recup_dir.2 … sub-directories. If you are looking for a specific file, then you can to sort your recovered files by extension and/or date/time.
How to protect your personal computer from .Tronas ransomware?
Most antivirus programs already have built-in protection system against the virus. Therefore, if your system does not have an antivirus program, make sure you install it. As an extra protection, use the HitmanPro.Alert.
Run HitmanPro.Alert to protect your PC from .Tronas ransomware virus
All-in-all, HitmanPro.Alert is a fantastic utility to protect your system from any ransomware. If ransomware is detected, then HitmanPro.Alert automatically neutralizes malware and restores the encrypted files. HitmanPro.Alert is compatible with all versions of Windows OS from MS Windows XP to Windows 10.
Click the link below to download HitmanPro Alert. Save it directly to your Windows Desktop.
Category: Security tools
Update: March 6, 2019
Once downloading is finished, open the file location. You will see an icon like below.
Double click the HitmanPro.Alert desktop icon. When the tool is opened, you will be shown a window where you can select a level of protection, as displayed in the following example.
Now press the Install button to activate the protection.
To sum up
Once you have finished the few simple steps above, your computer should be clean from .Tronas ransomware and other malware. Your computer will no longer encrypt your personal files. Unfortunately, if the guide does not help you, then you have caught a new variant of ransomware virus, and then the best way – ask for help here.