[Virus/Malware Activity Report: LostTrust Ransomware]

A breach believed to be in the form of LostTrust ransomware occurred
Accordingly, we will provide confirmation and warning regarding the situation as follows.

LostTrust Ransomware

The ransomware in question is called LostTrust and has a filename.extension. It appears that all files are being changed to .losttrustencoded.

How it works

file version

[Figure 1 Ransomware executable file compiler information]

[Figure 2 File information in window properties]

Ransomware operation characteristics

• It is built based on C++ and forces the process termination of data-related programs (SQL/web server/backup, etc.) and encrypts all files except some exception paths and exception files.

  
  [Figure 3 Static string inside data-related process stop command]

  
  [Figure 4 Exception handled folder contents static code]

  
  [Figure 5 File name static code with some encryption exceptions]

Infection results

The guide file contains < !LostTrustEncoded.txt > is created, and during encryption, the files are changed to .

[Figure 6 Infection results]

White Defender compatible

It supports real-time automatic restoration of files that will be encrypted before the malicious actions and blocking of White Defender ransomware.

[Figure 7 Block message]

Watch LostTrust blocking video