
BatHelp@protonmail.com Ransomware

Posted: August 1, 2018

The 'BatHelp@protonmail.com' Ransomware is a file-locking Trojan from the Matrix Ransomware family. Criminals distributing these threats often use RDP exploits and brute-force utilities for breaking into networks and compromising logins. Since it can cause significant damage to your media by encrypting it with a secure algorithm, users should back up their files for their protection and keep anti-malware solutions available for removing the 'BatHelp@protonmail.com' Ransomware automatically.

When Server Security Goes Wrong

The Matrix Ransomware, a series of Trojans from different teams of threat actors, is best known for its RDP attacks, which abuse weak login credentials to infect PCs and hold their files hostage. Although this family isn't as populous as the totally-free Hidden Tear or the Ransomware-as-a-Service Globe Ransomware, it does grow occasionally, and malware experts are verifying another member as of late July. By the evidence so far, the 'BatHelp@protonmail.com' Ransomware is upholding all of the family's traditions regarding how it attacks and ransoms data.

The 'BatHelp@protonmail.com' Ransomware is being reported in distribution, with, as previously, Remote Desktop exploits being the likeliest strategy for infection. Other threat actors also may use e-mail-based means of targeting workers at for-profit companies or other entities with valuable server data. Unlike most file-locker Trojans, the 'BatHelp@protonmail.com' Ransomware displays a visible progress window while it encrypts the local files, and runs under the direct control of a remote attacker, instead of as a concealed, background process. The 'BatHelp@protonmail.com' Ransomware also replaces the entire filename of every file it locks with a string in a format that consists of a bracketed e-mail address (as seen in its name), a series of semi-random characters broken up by a dash, and a '.CORE' extension.
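The renaming scheme described above can be used to scope damage on a file server. The following Python sketch is an added example, not code from the original article: it matches file names against that three-part layout and reports which directories are mostly renamed. The exact separator after the bracket, the alphanumeric character set, the `min_ratio` threshold and the sample paths are assumptions constructed for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumed layout: "[email]" + optional dot + alnum run + "-" + alnum run + ".CORE".
# The article names these three parts but not the separator or character set.
LOCKED_NAME = re.compile(
    r"^\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]\.?"
    r"(?P<token>[A-Za-z0-9]+-[A-Za-z0-9]+)\.CORE$",
    re.IGNORECASE,
)

def classify(path):
    """Return the bracketed contact e-mail if the file name fits, else None."""
    m = LOCKED_NAME.match(PureWindowsPath(path).name)
    return m.group("email").lower() if m else None

def triage(paths, min_ratio=0.5):
    """Report directories where at least min_ratio of the files look renamed."""
    total, hits, contacts = Counter(), Counter(), {}
    for p in paths:
        folder = str(PureWindowsPath(p).parent)
        total[folder] += 1
        email = classify(p)
        if email:
            hits[folder] += 1
            contacts.setdefault(folder, set()).add(email)
    report = {}
    for folder, n in total.items():
        if hits[folder] and hits[folder] / n >= min_ratio:
            report[folder] = {"locked": hits[folder], "total": n,
                              "contacts": sorted(contacts[folder])}
    return report

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"D:\Shares\Finance\[BatHelp@protonmail.com].Ab12Cd34-Ef56Gh78.CORE",
    r"D:\Shares\Finance\[BatHelp@protonmail.com].Zx90Qw12-Lm34No56.CORE",
    r"D:\Shares\Finance\notes.txt",
    r"D:\Shares\HR\handbook.pdf",
    r"D:\Shares\HR\[draft]-v2.CORE",   # brackets but no e-mail: not a match
    r"D:\Builds\core-dump.core",       # extension alone is not enough
]

if __name__ == "__main__":
    for folder, info in triage(SAMPLE).items():
        print(folder, info)
```

Feed it a recursive listing exported from the affected share; directories it reports are candidates for restoring from backup.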

The 'BatHelp@protonmail.com' Ransomware's update of the Matrix Ransomware ransoming note includes instructions in (grammatically incorrect) English for speaking with the threat actors and buying their decryptor. Malware experts, who have yet to confirm the ransom amount in these attacks, recommend against paying the Bitcoin-based fee, which threat actors can accept without feeling obligated to return the files.

The Best Kind of Help against a 'BatHelp@protonmail.com' Ransomware Attack

Password security is a linchpin for successful defenses against most versions of the Matrix Ransomware, including its newest member, the 'BatHelp@protonmail.com' Ransomware. Insufficiently strong passwords can allow criminals to compromise them through brute-force attacks that 'guess' large numbers of text strings quickly. Some attacks from this family also fall back on other infection methods, such as Exploit Kits, that standard anti-malware products should block automatically. Disabling some Web-browsing content, such as JavaScript, can deliver even more protection from these drive-by-downloads.

Although some file-locker Trojans don't take precautions against Windows restoration features, the 'BatHelp@protonmail.com' Ransomware's family deletes the Shadow Volume Copies by default. The user should save their work to a suitably isolated location, such as another service, to have a recovery option that doesn't hinge on a decryption service. Malware experts see no free decryption solutions currently in evidence for the Matrix Ransomware family, although many anti-malware programs should delete the 'BatHelp@protonmail.com' Ransomware as soon as it tries to install itself.

The 'BatHelp@protonmail.com' Ransomware offers its victims only a few avenues for saving what's theirs, and all of them demand some degree of premeditated security practices. Carelessness in network maintenance is a bad habit that's costing more and more companies hundreds and thousands of dollars, as a result of Trojans just like this one.
