
Prodecryptor Ransomware

Posted: May 1, 2019

The Prodecryptor Ransomware is a file-locking Trojan that locks your computer's media and displays ransom messages that sell its decryption service. As a rule, users should back up any work of value to them so that threats of this type can't hold it hostage. Professional anti-malware services should remove the Prodecryptor Ransomware safely and intervene in any installation exploits.

The 'Pro' of a Trojan that's Using Gmail

Last year's BlackHeart Ransomware, which remains undecryptable by free software, may be finding new life with an alias in 2019. This latest campaign, the Prodecryptor Ransomware, includes the usual accouterments of a file-locker Trojan's payload, with cosmetic details that signify a connection with the old Trojan. The name change may be the threat actors' attempt at re-branding their Ransomware-as-a-Service business or the result of a different criminal's aesthetic preferences.

The Prodecryptor Ransomware's attacks encrypt PDF documents, JPG images, Excel spreadsheets, and other media that's not essential to the Windows OS's functioning. Like most of the file-locker Trojans that malware experts catch, it shows no symptoms while locking the files with its custom algorithm, but adds a campaign-specific extension ('.prodecryptor') to the end of each filename afterward. Encrypted files can't open without being decrypted, which requires the key that the Prodecryptor Ransomware's threat actors hold for ransom.
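For responders scoping an incident, the appended extension is the simplest indicator to inventory. The following is an added example, not code from this page or from any vendor tool: it walks a directory tree, counts files carrying the '.prodecryptor' suffix by original file type and folder, and reports the earliest modification time among them. It assumes the original filename is kept in front of the suffix and that modification times were not tampered with; the function names and sample filenames are constructed.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = ".prodecryptor"  # extension named on this page


def scope_damage(root):
    """Walk root and summarise files that carry the marker extension."""
    by_type = Counter()   # original extension -> number of locked files
    by_dir = Counter()    # directory -> number of locked files
    first_seen = None     # earliest mtime, a rough start time for the attack
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            original = name[: -len(MARKER)]  # e.g. q1.pdf
            ext = os.path.splitext(original)[1].lower() or "(none)"
            by_type[ext] += 1
            by_dir[dirpath] += 1
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable file: counted, but no timestamp
            if first_seen is None or mtime < first_seen:
                first_seen = mtime
    return {"total": sum(by_type.values()), "by_type": dict(by_type),
            "by_dir": dict(by_dir), "first_seen": first_seen}


def build_sample_tree(root):
    """Constructed sample data: empty files with made-up names."""
    layout = {"docs": ["q1.pdf.prodecryptor", "budget.xlsx.PRODECRYPTOR", "notes.txt"],
              "pics": ["cat.jpg.prodecryptor", "dog.jpg"]}
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for n in names:
            open(os.path.join(root, sub, n), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = scope_damage(tmp)
        print(report["total"], report["by_type"])
        if report["first_seen"] is not None:
            print(datetime.fromtimestamp(report["first_seen"], timezone.utc).isoformat())
```

The per-folder counts show which backups need restoring, and the earliest timestamp gives a starting point for reviewing logon and e-mail logs.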

At the end of its attack, the Prodecryptor Ransomware also creates a pop-up that's almost identical to that of the BlackHeart Ransomware, but with a different name and a Gmail e-mail for negotiating. It also provides a similar Notepad TXT equivalent, although this text file has no additional information. Malware researchers have no data on the ransoming cost of the decryption service, but, if the Prodecryptor Ransomware is an update of BlackHeart Ransomware, any free unlocking possibilities are unlikely.

Being a Professional about Data Recovery

Nearly all file-locker Trojans, particularly ones that exhibit the level of professionalism that one sees in the Ransomware-as-a-Service sector, will account for and erase Windows' default backup information. Although a victim could opt to pay the ransom, criminals tend towards Bitcoin and other payment routes that let them keep the money without refunds if they fail to provide the service. Safer solutions than giving in to extortion require keeping your backup in a location that's secure, such as a disconnected portable drive.

Remote Desktop Protocol settings are a likely vulnerability through which a threat actor could gain control of your PC and drop threats like the Prodecryptor Ransomware. Weak passwords offer similar dangers, since they are susceptible to brute-force attacks by Black Hat software. Finally, e-mail phishing attacks, both targeted and untargeted, make up a significant proportion of modern infection vectors. Anti-malware services should delete the Prodecryptor Ransomware suitably from your PC before it locks any files, but any encrypted media will remain in that state indefinitely.

It's never too late to hear from old enemies like BlackHeart Ransomware. The Prodecryptor Ransomware's new name serves as evidence of new interest in extortion, which most PC owners can prevent with a little due diligence.
