What is Trg ransomware?
Trg is a new virus in the Xorist family of ransomware. Much like all other ransomware programs, it encrypts files and demands payment to decrypt them. The files encrypted by Trg are given .trg file extension; in fact, this is how the virus got its name. This, too, is not unusual, but certain behaviors are.
Puzzlingly, the ransom note is called “КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt”. Though admittedly long, and written in caps, that’s not a very readable filename… unless you speak Russian that is. This translates to “HOW TO DECRYPT FILES” in Russian (it is worth noting that we’ve encountered similar ransomware before). The note itself is in Russian too. You can see the original text on the image above, but here’s the translation.
Attention! All your files are encrypted!
To decrypt your files write to our e-mail:
nikminch@bk.ru
Respond today or we will delete the decryption keys.
Because of this, it is reasonable to assume that Trg was aimed exclusively at Russian audience and all infections outside of that country are accidental. Most hackers do not decrypt their victims’ files after being paid, and in this case, the chances are pretty much infinitesimal.
Thankfully, it is possible to remove Trg ransomware and decrypt .trg files without paying the criminals or contacting them at all. The guide below will explain how to do it.