
Patagonia92@tutanota.com Ransomware

Posted: June 27, 2018

The Patagonia92@tutanota.com Ransomware is an updated version of the RotorCrypt Ransomware and conducts the same style of attacks as its ancestor: locking your media, such as documents or pictures, by encrypting it. Unlike most members of its family, the Patagonia92@tutanota.com Ransomware does leave a ransom note, although malware experts strongly recommend against paying. Most anti-malware products should remove the Patagonia92@tutanota.com Ransomware by default, and non-local backups are the best restoration method for your data.

A Formerly Voiceless Trojan Speaks

The debut of the RotorCrypt Ransomware family is notable for how little its threat actor did to communicate with his victims. Instead of delivering a typical ransoming message, the file-locking Trojan proceeded with encryption and merely added e-mail addresses to filenames. That appears to be changing with its new version, the Patagonia92@tutanota.com Ransomware, which, malware experts are confirming, still locks files.

The Patagonia92@tutanota.com Ransomware uses secure RSA encryption to lock various file formats throughout the PC's file system, with expected targets ranging from Microsoft Office documents to pictures, audio or movies. This feature is for withholding media from the users until they pay the ransom, which, for most file-locking Trojans, employs a cryptocurrency like Bitcoin. Even though the Patagonia92@tutanota.com Ransomware keeps this aspect of the first Trojan, in other ways, its payload is the opposite of the RotorCrypt Ransomware's symptoms.

Previously, the RotorCrypt Ransomware's sole communication method was the e-mail address it appended to filenames. Now, the Patagonia92@tutanota.com Ransomware doesn't modify any filenames at all. However, it does create a minimal ransom note in a TXT format. The only information it includes is a new e-mail address and the phrase 'help mail,' without any details on the ransom.
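A triage sweep for the two indicators described above (an e-mail address appended to filenames in earlier RotorCrypt builds, and this variant's minimal TXT note), as an added example that is not part of the original article or any vendor's tool. The 512-byte size limit, the function names and the sample files are assumptions constructed for illustration; the real note's filename and exact wording are not given on this page.

```python
import os
import re
import tempfile
from pathlib import Path

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
NOTE_PHRASE = re.compile(r"help\s+mail", re.IGNORECASE)
MAX_NOTE_BYTES = 512  # assumption: a "minimal" note is only a few lines long


def classify(path):
    """Return 'note', 'renamed' or None for a single file."""
    name = os.path.basename(path)
    if name.lower().endswith(".txt") and os.path.getsize(path) <= MAX_NOTE_BYTES:
        text = Path(path).read_text(encoding="utf-8", errors="replace")
        # This variant: a short TXT note with an address and 'help mail'.
        if EMAIL.search(text) and NOTE_PHRASE.search(text):
            return "note"
    # Earlier RotorCrypt behaviour: e-mail address appended to the filename.
    if EMAIL.search(name):
        return "renamed"
    return None


def triage(root):
    """Walk root and return {path: finding} for every suspicious file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            try:
                verdict = classify(full)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if verdict:
                findings[full] = verdict
    return findings


def demo():
    """Build a constructed sample tree and return findings keyed by filename."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "readme.txt": "Quarterly figures are in the shared folder.",
            "info.txt": "help mail\nuser@example.com\n",      # constructed note
            "report.docx.user@example.com": "placeholder",    # constructed name
        }
        for fname, body in samples.items():
            Path(root, fname).write_text(body, encoding="utf-8")
        return {os.path.basename(p): v for p, v in triage(root).items()}
```

A hit is a lead for triage rather than proof of infection. The sweep reads candidate notes as UTF-8, so a note saved as UTF-16 would need a different decoder.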

Silencing the Not-Too-Subtle Extortion Threats

The RotorCrypt Ransomware includes several variants besides the Patagonia92@tutanota.com Ransomware, such as the 'Blacknord@tutanota.com' Ransomware, the Starbax@tutanota.com Ransomware and the Panama1@tutamail.com Ransomware. In none of these cases can malware experts find any vulnerabilities that would allow others to acquire the keys to the cryptography process and reverse-engineer a decryption solution. Since this also is the case with the Patagonia92@tutanota.com Ransomware, all PC users should be responsible for backing up their files onto secure devices regularly.

Another characteristic of the group that the Patagonia92@tutanota.com Ransomware belongs to is its Ransomware-as-a-Service or RaaS model of doing business, which can use different threat actors for distribution purposes. The business sector is a particularly likely target of such attacks, which can arrive over e-mail spam or hijack systems whose RDP settings are not secured. Default anti-malware software may remove the Patagonia92@tutanota.com Ransomware during an 'accidental' installation, and secure passwords can protect a PC from any remote attackers.

The fact that the Patagonia92@tutanota.com Ransomware precisely reverses its method of soliciting ransoms doesn't affect the ease or challenges of restoring your files. Whether they're talking to their victims in filenames, pop-ups, or Notepad texts, file-locking Trojans mean business.
