
AskHelp@protonmail.com Ransomware

Posted: August 2, 2018

The AskHelp@protonmail.com Ransomware is a variant of the Matrix Ransomware, a file-locker Trojan that can keep you from opening your documents, images, and other media. This family is often used in campaigns that target vulnerable business servers, and it drops text messages asking the victim to contact a criminal's e-mail account for ransoming instructions. If you have any alternatives, ignore the extortion-based method of unlocking your files, use anti-malware programs for uninstalling the AskHelp@protonmail.com Ransomware, and keep secure logins for your PC's protection.

Sending Your Files into the 'Matrix' Again

Alongside the closely related AskHelp@protonmail.com Ransomware campaign, malware researchers also see the live distribution of another version of the Matrix Ransomware family, using different communication addresses and cosmetic symptoms. These small changes hint that one or more separate threat actors are working towards locking the files of business, NGO or government targets in return for Bitcoins, with the help of the AskHelp@protonmail.com Ransomware.

The threat actors responsible for installing the AskHelp@protonmail.com Ransomware manage its encryption routine, which shows a visible UI window displaying the progress of the attack. Once text documents, spreadsheets, images, and other media formats are encrypted, they can't be opened in their programs until the user decrypts them with an appropriate decryption program. The AskHelp@protonmail.com Ransomware doesn't drop this solution with the rest of its payload; the victim must pay a ransom to gain the threat actor's help with unlocking the files.

The AskHelp@protonmail.com Ransomware's name comes from the format it uses for renaming any file that it blocks: a bracketed e-mail address (which the user can also see in the accompanying RTF ransoming message) followed by a series of random characters and an '.ANN' extension. Additionally, malware experts are highlighting the need for proper network security when containing AskHelp@protonmail.com Ransomware infections, which can access network-shared files and block them as well. Lastly, the AskHelp@protonmail.com Ransomware and other Matrix Ransomware variants also delete Shadow Copies, a standard procedure for file-locking Trojans that keeps the user from recovering via a Windows restore point.
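The renaming format described above gives responders a quick way to scope which folders and mounted shares were hit. The following Python is an added example, not code from the original article or from any vendor tool; the regular expression is built from the prose description (the separator and the random part's alphabet are assumptions), and the sample file names are constructed.

```python
import os
import re
import tempfile
from collections import defaultdict

# Built from the article's description: "[e-mail address]" + random characters + ".ANN".
# The separator and the random part's alphabet are assumptions, so both are matched loosely.
RENAMED = re.compile(r"^\[(?P<contact>[^\[\]\s@]+@[^\[\]\s@]+)\](?P<random>.+)\.ANN$", re.IGNORECASE)

def classify(name):
    """Return the contact address embedded in a renamed file's name, or None."""
    m = RENAMED.match(name)
    return m.group("contact").lower() if m else None

def sweep(root):
    """Walk root (a local folder or a mounted share) and group matches by directory."""
    hits = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            contact = classify(name)
            if contact:
                hits[dirpath].append((name, contact))
    return dict(hits)

def summarize(hits):
    """Per-directory hit counts plus the set of contact addresses seen, for scoping."""
    contacts = {c for entries in hits.values() for _name, c in entries}
    counts = {d: len(entries) for d, entries in hits.items()}
    return counts, contacts

def demo():
    """Run the sweep over a constructed sample tree; all file names are made up."""
    with tempfile.TemporaryDirectory() as root:
        share = os.path.join(root, "share", "finance")
        os.makedirs(share)
        names = [
            "[AskHelp@protonmail.com].Qx7LmP2a-Zt9KdW4e.ANN",  # matches
            "[AskHelp@protonmail.com]b81FkQz0.ann",            # matches, no separator
            "budget.ANN",                                      # no bracketed address
            "[draft] notes.txt",                               # wrong extension, no address
        ]
        for n in names:
            open(os.path.join(share, n), "w").close()
        counts, contacts = summarize(sweep(root))
        return {os.path.relpath(d, root): c for d, c in counts.items()}, contacts

if __name__ == "__main__":
    print(demo())
```

More than one contact address in the result would point to the separate, parallel variants the article mentions, and the per-directory counts show which shares need restoring from backup.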

The Best, Free Help for Escaping the Matrix

There isn't a free decryption solution that's compatible with the AskHelp@protonmail.com Ransomware's family. However, most users can protect their servers from these threats by establishing login credentials that aren't vulnerable to brute-force attacks, such as by using unique and complex passwords. Limiting network access between separate PCs and double-checking your RDP settings for any unexpected changes are also appropriate defenses against the Matrix Ransomware family's ongoing campaigns. While victims shouldn't pay the threat actors, if possible, they may wish to use the offer of a free 'sample' of the decryptor for recovering up to three files.

AskHelp@protonmail.com Ransomware infections require the active assistance of a threat actor, who could install other threats at his leisure or conduct other attacks, such as collecting confidential information. While the AskHelp@protonmail.com Ransomware and other Matrix Ransomware variants have no sophisticated backdoor features, the presence of any of these threats is one sign that the PC is at risk of future aggressive acts from a remote attacker. Affected PCs should have full scans by appropriate anti-malware programs, both for uninstalling the AskHelp@protonmail.com Ransomware and for making sure that backdoor Trojans, spyware, and other threats aren't present.

A password like 'admin123' is easy to remember but just as straightforward to crack. For the sake of keeping the AskHelp@protonmail.com Ransomware's ransoms as unprofitable as possible, everyone should be ready to err on the side of keeping their logins secure.
