What is AutoAUTOTRON ransomware? And how does it carry out its attack?

AutoTRON ransomware is one of the file-encrypting threats discovered in the last week of April 2018. Although it may seem like it’s another variant of Tron ransomware because of its name, it’s actually not so you should not mistake the two. This ransomware threat is an independent crypto-malware and is also known as “TRON-AutoIt ransomware. According to security experts, it has some code snippets from Crypt888 ransomware as well as the ISHTAR ransomware although there really is no conclusive evidence that these threats have been developed by the same hacker or group of hackers.
AutoTRON ransomware should not be taken lightly as it is a really dangerous infection that does not only lock targeted files but also makes some unauthorized modifications on the infected system. Once it is executed in the system, it will begin to carry out its attack by running malicious scripts via Command Prompt and Powershell to alter the entries in the Windows Registry, boot sequence and delete Volume Shadow copies, unfortunately. And while these modifications are being carried out, AutoTRON ransomware freezes the screen with a ransom note. After it finishes data encryption, it will mark the encrypted files with the .TRON extension. In addition, this ransomware also delivers explicit payment instructions as well as other related information in a text file named “README.txt” that states:
“What Happened to My Computer?
Your important files are encrypted.
Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files but do not waste your time. Nobody can recover your files without our decryption service.
Can I Recover my Files?
Sure, We guarantee that you can recover all your files safely and easily. But you have not so enough time.
You have only had 10 days to submit the payment. Also, if you don’t pay in 10 days, you won’t be able to recover your files forever.
How Do I pay?
Payment is accepted in Bitcoin only. For more information. Please check the current price of bitcoin and buy some bitcoins.
And send the correct amount to the address specified in the window.
After your payment, you need to write to us by mail (
[email protected] )
We will decrypt your files.
We strongly recommend you do not remove this software, and disable your anti-virus for a while, until you pay and the payment gets processed. If your anti-virus gets updated and removes this software automatically, it will not be able to recover your files even if you pay!
To unlock the computer, you must transfer the bitcoins to this address: 1GFDAKpVsGskvn4RmnjjUxmcrX54xC41nY
to contact us, right here:
[email protected]
For buy bitcoins, I can advise
Website: xxxxs://localbitcoins.com
Website: xxxxs://www.bestchange.com
The essence of the work through the exchangers is very simple: Choose what currency to change.
Then what currency you want to ( in our case – want to receive bitcoins )
Indicate the requisites of your wallet pay and a few minutes receive bitcoins to your wallet.
if you do not understand, you can watch the video how to exchange your money for bitcoin xxxxs://www.youtube.com/watch?v=Jck4GeBB3-c”
How does AutoTRON ransomware proliferate?
At the time of writing, it isn’t clear how AutoTRON ransomware proliferates. However, it will most likely use the most common distribution method for ransomware threats which is via spam emails.
Use the removal guide given below to successfully terminate AutoTRON ransomware.
Step 1: The first thing you need to do is to obliterate the process of AutoTRON ransomware by opening the Task Manager – simply tap the Ctrl + Shift + Esc keys on your keyboard.
Step 2: After that, click the Processes tab and look for any suspicious-looking process that takes up most of your CPU’s resources and is most likely related to AutoTRON ransomware and then end its processes.

Step 3: Now that the malicious process is eliminated, close the Task Manager.
Step 4: Next, tap Win + R, type in appwiz.cpl and click OK or tap Enter to open Control Panel’s list of installed programs.
Step 5: Under the list of installed programs, look for AutoTRON ransomware or anything similar and then uninstall it.

Step 6: Then close Control Panel and tap Win + E keys to launch File Explorer.
Step 7: Navigate to the following locations below and look for AutoTRON ransomware’s malicious components it has created and downloaded into the system like README.txt and then delete all of them.

• %TEMP%
• %WINDIR%\System32\Tasks
• %APPDATA%\Microsoft\Windows\Templates\
• %USERPROFILE%\Downloads
• %USERPROFILE%\Desktop

Step 8: Close the File Explorer.
Before you go on any further, make sure that you are tech savvy enough to the point where you know exactly how to use and navigate your computer’s Registry. Keep in mind that any changes you make will highly impact your computer. To save you the trouble and time, you can just use [product-name] this system tool is proven to be safe and excellent enough that hackers won’t be able to hack into it. But if you can manage Windows Registry well, then, by all means, go on to the next steps.
Step 9: Tap Win + R to open Run and then type in regedit in the field and tap enter to pull up Windows Registry.

Step 10: Navigate to the following path:

• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background
• HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization
• HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveTimeOut
• HKEY_CURRENT_USER\Control Panel\Desktop

Step 11: Delete the registry keys and sub-keys created by AutoTRON ransomware.
Step12. Close the Registry Editor and empty the Recycle Bin.
After you’ve covered the steps provided above, you need to continue the removal process of AutoTRON ransomware using a reliable program like [product-name]. How? Follow the advanced removal steps below.
Perform a full system scan using [product-code]. To do so, follow these steps:

1. Turn on your computer. If it’s already on, you have to reboot
2. After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.

3. To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
4. Windows will now load the SafeMode with Networking.
5. Press and hold both R key and Windows key.

6. If done correctly, the Windows Run Box will show up.
7. Type in the URL address, [product-url] in the Run dialog box and then tap Enter or click OK.
8. After that, it will download the program. Wait for the download to finish and then open the launcher to install the program.
9. Once the installation process is completed, run [product-code] to perform a full system scan.

10. After the scan is completed click the “Fix, Clean & Optimize Now”button.