
'decryptxxx@protonmail.com' Ransomware

Posted: June 26, 2019

The 'decryptxxx@protonmail.com' Ransomware is a file-locking Trojan that can block media on your computer, such as pictures, with encryption. Further attacks can deliver ransom messages and generate pop-up warnings that demand ransoms for the criminal's decryption help. Secure backups will give victims a free recovery option, and most anti-malware services can delete the 'decryptxxx@protonmail.com' Ransomware and its other family members.

The X that Stands for More than Mere Erotica

While 'triple X' is synonymous with adult media, Trojans are happily taking up another variant of the letter for their brand: ransoming file-unlocking services through the 'decryptxxx@protonmail.com' Ransomware. This file-locking Trojan is an update of the Dharma Ransomware, the sub-division of the Crysis Ransomware's family that has dominated the Ransomware-as-a-Service sector since 2016. While malware researchers have limited information on the locations of any compromised computers, it seems likely that the Trojan is either already circulating or being prepared for release.

The 'decryptxxx@protonmail.com' Ransomware's installer is a 32-bit Windows EXE of less than a megabyte, which isn't surprising for a variant of the Dharma Ransomware; equally diminutive relatives include the 'blacklist@clock.li' Ransomware, the decrypt@fros.cc Ransomware, the 'paydecryption@qq.com' Ransomware and the webmafia@asia.com Ransomware. The 'decryptxxx@protonmail.com' Ransomware blocks PDF documents, GIF pictures, archives, and other media by using a secure version of AES encryption. Purely as a visual identifier, it also adds a quadruple-X extension to their names.

Some related symptoms and issues that malware researchers recommend looking for with a potential infection include:

  • Text messages asking for ransom money for an unlocker.
  • Pop-up advanced Web pages with similar warnings.
  • Missing Shadow Volume Copies or Restore Point data.
  • Fake anti-virus-scanning pop-ups.

Unfortunately, these symptoms may not be present as forewarning before the Trojan finishes blocking files.

Precautions against 'X-Treme' Trojan Children

E-mail is a much-used means of tricking workers into compromising their business networks through disguised attachments, such as tax or delivery-related documents. This strategy is sometimes seen in file-locker Trojans' attacks, along with spreading through torrents and adult website malvertising. However, for recent incidents from the 'decryptxxx@protonmail.com' Ransomware's family, malware experts identify RDP and brute-forcing as highly likely vectors.

You can keep your PC, networks, and servers from being at risk from brute-forcing by using secure passwords and other login protections such as multifactor authentication. Having RDP off or protected is essential for avoiding attacks that randomly scan the Web for vulnerable targets. Features like macros, JavaScript, and Flash can also be left inactive until you can confirm the safety of the content that they're loading.
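For administrators who must leave RDP reachable, the following added example (not code from the original article) shows one way to spot brute-forcing in exported Windows Security log records: it flags any source address with a burst of failed remote logons and notes whether a successful logon followed. The record layout, threshold, time window and sample rows are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample rows: (time, event ID, logon type, source IP, account).
# Event 4625 = failed logon, 4624 = successful logon. Logon type 10 is
# RemoteInteractive (RDP); failed RDP logons under NLA are logged as type 3.
SAMPLE_EVENTS = [
    ("2019-06-26T02:00:01", 4625, 3, "203.0.113.7", "administrator"),
    ("2019-06-26T02:00:09", 4625, 3, "203.0.113.7", "admin"),
    ("2019-06-26T02:00:17", 4625, 3, "203.0.113.7", "administrator"),
    ("2019-06-26T02:00:25", 4625, 3, "203.0.113.7", "backup"),
    ("2019-06-26T02:00:33", 4625, 3, "203.0.113.7", "administrator"),
    ("2019-06-26T02:00:41", 4625, 3, "203.0.113.7", "administrator"),
    ("2019-06-26T02:03:10", 4624, 10, "203.0.113.7", "administrator"),
    ("2019-06-26T09:15:00", 4625, 10, "198.51.100.20", "jsmith"),  # one typo
    ("2019-06-26T09:15:40", 4624, 10, "198.51.100.20", "jsmith"),
    ("2019-06-26T09:20:00", 4625, 2, "-", "jsmith"),  # local console, ignored
]

REMOTE_LOGON_TYPES = {3, 10}

def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Return {ip: {"max_failures": n, "success_after": [(time, user)]}} for
    sources with at least `threshold` failed remote logons inside `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    flagged = {}
    for ts, event_id, logon_type, ip, user in sorted(events):
        if logon_type not in REMOTE_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == 4625:
            q = recent[ip]
            q.append(when)
            while q and when - q[0] > window:   # drop failures that aged out
                q.popleft()
            if len(q) >= threshold:
                entry = flagged.setdefault(ip, {"max_failures": 0, "success_after": []})
                entry["max_failures"] = max(entry["max_failures"], len(q))
        elif event_id == 4624 and ip in flagged:
            # A success after a burst is the case to investigate first.
            flagged[ip]["success_after"].append((ts, user))
    return flagged

if __name__ == "__main__":
    for ip, info in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, info)
```

A flagged source with a non-empty success_after list should be treated as a possible compromise of that account, not just as scanning noise.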

All of the previous recommendations will prevent infections from the Dharma Ransomware family and other threats. However, there is no free unlocker for the latest versions of this Trojan's family. Victims can remove the 'decryptxxx@protonmail.com' Ransomware with a dedicated anti-malware service, but recovery necessitates a pre-infection backup.

The swathe of destruction that a tiny program like the 'decryptxxx@protonmail.com' Ransomware can cut isn't nearly as small as its file size. When data is precious, how you store it is equally so, and forgetting your weekly backup can cost you more than your peace of mind.
