<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">

XTBL Ransomware aka Shade and Troldesh

XTBL Ransomware, also known as Shade and Troldesh, is a crypto-ransomware variant originally created in Russia and used in attacks all over the world. XTBL encrypts a user’s files with an “.xtbl” extension, and is mainly spread via spam e-mails.

While most ransomware attackers go to great efforts to hide themselves, often using TOR, XTBL's creators provide their victims with an e-mail address, which they use to communicate a demand for ransom and dictate a payment method.

ThreatSTOP customers are protected from XTBL.

Share this:


see all


  1. ThreatSTOP on YouTube
  2. ThreatSTOP on Twitter