https://www.bleepingcomputer.com/news/security/djvu-ransomware-spreading-new-tro-variant-through-cracks-and-adware-bundles/

In December 2018, a new ransomware called Djvu, which could be a variant of STOP,  was released that has been heavily promoted through crack downloads and adware bundles. Originally, this ransomware would append a variation of the .djvu string as an extension to encrypted files, but a recent variant has switched to the .tro extension.

When first released, it was not known how the ransomware was being distributed and a sample of the main installer could not be found. When discussing the infection with the numerous victims who reported it in our forums and elsewhere, a common theme was noted; most of the victims stated that they became infected after downloading a software crack.