Computer scammers are becoming more sophisticated and dodgy every year. Their latest “achievement” was the sending of Troldesh ransomware-infected letters on behalf of reputable companies, car dealers, air carriers and the media. The Troldesh virus, also known as Shade, XTBL, Trojan.Encoder.858, Da Vinci or No_more_ransome encrypts information computer and extorting money for the key to release information. The Group-IB company specializing in cybersecurity for incomplete June has already recorded over 1.1 thousand such penetrations. At the same time, letters came on behalf of Kia and Rolf, Polar Airlines, as well as RBC and Novosibirsk-online. The content of letters sent from false addresses contains a request to familiarize yourself with the attached file, which contains commercial information. When you open these files, a virus is immediately installed on the computer. The Troldesh class virus was detected back in 2015. His last mass mailing was discovered in March of this year, then letters came from large retailers (Auchan, Magnit and PIK Group of Companies), banking institutions (Gazprombank and Otkritie Bank) and construction companies. An additional unpleasant “bonus” recently of the ransomware virus is the installation of applications for cryptocurrency mining or traffic generation.