
'ponce.lorena@aol.com' Ransomware

Posted: December 19, 2019

The 'ponce.lorena@aol.com' Ransomware is a file-locking Trojan from the Globe Imposter Ransomware family, which imitates its competitor, the Globe Ransomware. Both families use similar attacks: they encrypt your files so that they can't be opened and create ransom notes that sell their unlocking assistance. Users who maintain backups carefully can recover without paying a ransom, and anti-malware utilities can delete the 'ponce.lorena@aol.com' Ransomware.

The Rarity of a Trojan with a Proper Name

Since its evolution into the Globe Imposter 2.0 Ransomware, this Ransomware-as-a-Service family has been more secure than ever against free unlocking services, even if it doesn't propagate as quickly as other families, such as the Scarab Ransomware. Different versions of it remain active in 2019, including the CILLA Ransomware, the Badday Ransomware, the .DOCM Ransomware, and the Erenahen Ransomware. The 'ponce.lorena@aol.com' Ransomware is another entry into the field, but the first whose contact address uses a proper personal name.

The 'ponce.lorena@aol.com' Ransomware's e-mail address is a possibly-misspelled reference to a well-known American violinist, which may or may not be relevant to its infection strategy. Some threat actors prefer torrents, which plausibly could include pirated music, for dropping file-locking Trojans from RaaS families. Victims should contact appropriate security researchers and provide details on their point of exposure.

Besides the mystery of its distribution routes, the 'ponce.lorena@aol.com' Ransomware uses the family's traditional AES-based encryption for locking files, such as JPG pictures, Word documents, and other formats of digital media. It appends the e-mail address from its name to each locked file as a new extension, and that address doubles as the contact point for ransom negotiations over the decryptor. The ransom directions are in an HTML file in the same folder as the blocked media; malware researchers recommend against paying the extortionists.
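As an added triage example (not code from the original article or from the Trojan's authors), the following Python script inventories a directory tree for files carrying the appended e-mail address and lists the HTML note candidates beside them. It assumes the address is appended as a trailing suffix with a leading dot and that the note is any HTML file in an affected folder; the page gives neither the exact separator nor the note's file name, so both are assumptions. The directory layout it scans is constructed sample data, written to a temporary folder.

```python
"""Triage helper: inventory files locked by the 'ponce.lorena@aol.com' Ransomware.

Added example; the suffix format and note name below are assumptions, not
details confirmed on the page. The tool only reads names; it never modifies
or deletes anything, since the locked data is evidence and may be recoverable
from backups.
"""
import os
import tempfile

# Assumption: the address is appended as a trailing extension with a leading dot.
SUFFIX = ".ponce.lorena@aol.com"
# Assumption: the ransom note is an HTML file in the same folder (name unknown).
NOTE_EXTENSIONS = (".html", ".htm")


def original_name(locked_name):
    """Strip the appended address to recover the pre-encryption file name.

    Useful for inventory (what was hit), not for recovery (the content stays encrypted).
    """
    if locked_name.lower().endswith(SUFFIX):
        return locked_name[:-len(SUFFIX)]
    return locked_name


def scan_tree(root):
    """Return {relative folder: {"locked": [...], "notes": [...]}} for every folder
    that holds at least one locked file."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        locked = sorted(f for f in files if f.lower().endswith(SUFFIX))
        if not locked:
            continue
        notes = sorted(f for f in files if f.lower().endswith(NOTE_EXTENSIONS))
        hits[os.path.relpath(dirpath, root)] = {"locked": locked, "notes": notes}
    return hits


def summarize(hits):
    """Roll the scan up into counts plus the set of original file types that were hit."""
    locked_names = [f for info in hits.values() for f in info["locked"]]
    return {
        "folders": len(hits),
        "locked": len(locked_names),
        "notes": sum(len(info["notes"]) for info in hits.values()),
        "original_types": sorted({os.path.splitext(original_name(f))[1].lower() for f in locked_names}),
    }


def build_sample_tree():
    """Create a throwaway directory mimicking a hit machine (constructed sample data)."""
    root = tempfile.mkdtemp(prefix="ponce_triage_")
    layout = {
        "Documents": ["report.docx" + SUFFIX, "budget.xlsx" + SUFFIX, "read_me.html"],
        "Pictures": ["holiday.jpg" + SUFFIX, "note.html"],
        "Music": ["track01.mp3"],  # untouched folder: no locked files, so it is not reported
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            with open(os.path.join(root, folder, name), "wb") as fh:
                fh.write(b"sample bytes")  # placeholder content, not real ciphertext
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    results = scan_tree(demo_root)
    for folder, info in sorted(results.items()):
        print(f"{folder}: {len(info['locked'])} locked file(s), note candidates={info['notes']}")
    print(summarize(results))
```

Run it against the real root of a hit volume instead of the sample tree to get a per-folder count of locked files and note candidates, which is the inventory an incident responder needs before deciding what can be restored from offline backups.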

Bringing Trojan Music to an Abrupt Stop

Although the Globe Imposter Ransomware family isn't especially advanced, its simple encryption routine is enough to lock users out of their text documents and other content indefinitely. The 'ponce.lorena@aol.com' Ransomware also may delete local backups, chiefly the Shadow Volume Copies and Restore Points. Users who save their backups onto other devices are in much less danger of ending up in an extortion-suitable position, even after an infection.
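Deleting Shadow Volume Copies and Restore Points is a loud step that a detection rule can catch before the extortion note is even written. The following Python detection logic is an added example, not code from the original article; the page does not state which command this family runs, so the patterns cover the common Windows backup-destruction commands (vssadmin, wmic, wbadmin, bcdedit and the Win32_ShadowCopy WMI class) in general rather than anything confirmed for this Trojan. The process-creation log lines it runs over are constructed samples in an assumed key=value format.

```python
"""Detect backup-destruction commands in process-creation logs.

Added example. The techniques list covers common Windows commands that remove
Shadow Volume Copies and restore points; the page does not confirm which one
this family uses, so treat it as a generic rule rather than a family signature.
"""
import re

# (technique name, pattern over the full command line), case-insensitive.
TECHNIQUES = [
    ("vssadmin delete shadows", re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("vssadmin resize shadowstorage", re.compile(r"\bvssadmin(\.exe)?\s+resize\s+shadowstorage\b", re.I)),
    ("wmic shadowcopy delete", re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("wbadmin delete catalog", re.compile(r"\bwbadmin(\.exe)?\s+delete\s+catalog\b", re.I)),
    ("bcdedit disable recovery", re.compile(r"\bbcdedit(\.exe)?\b.*recoveryenabled\s+no\b", re.I)),
    ("WMI Win32_ShadowCopy delete", re.compile(r"win32_shadowcopy.*\bdelete\b", re.I)),
]

# Assumed log format (constructed for this example): timestamp host=... user=... cmdline="..."
LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+cmdline="(?P<cmdline>[^"]*)"$'
)

# Constructed sample telemetry, not real data. Line 2 is a benign admin listing
# and must not fire; the rest of the post-10:02 lines are the destructive pattern.
SAMPLE_LOG = """\
2019-12-19T10:01:02Z host=WS01 user=alice cmdline="C:\\Windows\\explorer.exe"
2019-12-19T10:01:07Z host=WS01 user=alice cmdline="vssadmin list shadows"
2019-12-19T10:02:13Z host=WS01 user=alice cmdline="vssadmin.exe delete shadows /all /quiet"
2019-12-19T10:02:14Z host=WS01 user=alice cmdline="wmic shadowcopy delete /nointeractive"
2019-12-19T10:02:15Z host=WS01 user=alice cmdline="bcdedit /set {default} recoveryenabled No"
2019-12-19T10:02:16Z host=WS01 user=alice cmdline="powershell.exe -nop -c Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"
"""


def classify(cmdline):
    """Return the name of the first matching technique, or None for a benign command line."""
    for name, pattern in TECHNIQUES:
        if pattern.search(cmdline):
            return name
    return None


def parse_line(line):
    """Parse one log line into a dict, or None if it does not fit the assumed format."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def scan(lines):
    """Run the rule over an iterable of log lines and return one alert dict per hit."""
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # unparseable line: skip rather than crash a log pipeline
        technique = classify(event["cmdline"])
        if technique:
            alerts.append({**event, "technique": technique})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG.splitlines()):
        print(f"{alert['ts']} {alert['host']} {alert['user']}: {alert['technique']} <- {alert['cmdline']}")
```

Several of these commands within a few seconds of each other on one host, as in the sample, is a stronger signal than any single match, since administrators do legitimately resize shadow storage or list copies; the rule above deliberately ignores `vssadmin list shadows` for that reason.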

Although the 'ponce.lorena@aol.com' Ransomware may be circulating as an illicit download, in keeping with its musical theme, other infection vectors are at least as likely. Malware analysts recommend installing security fixes and using strong passwords in particular, as well as turning off RDP where possible. File-locking Trojans frequently acquire targets through indiscriminate scans for vulnerable servers or devices.

The bulk of anti-malware products flag this Trojan correctly and can delete the 'ponce.lorena@aol.com' Ransomware quickly, assuming they're actively protecting the computer. Users typically shouldn't attempt manual removal, since most Trojans of this family make system changes involving the Registry, a potentially-sensitive part of Windows.

It's a little odd for a Trojan's contact address to double as its extension theme, but the Ransomware-as-a-Service industry sees campaigns of every kind. The 'ponce.lorena@aol.com' Ransomware isn't sweet music to anyone's ears, unless you're in the business of extorting money from the vulnerable.
