
ProLock Ransomware

Posted: March 19, 2020

The ProLock Ransomware is a piece of ransomware that uses PowerShell commands to plant malware straight into system memory. It appends the '.ProLock' extension to each encrypted file. The encryption process ends with the generation of a ransom note, a text file called 'HOW TO RECOVER FILES].txt'. The note contains instructions about the required ransom amount, as well as information about the particular infection. The victims’ files are encrypted with an RSA-2048 algorithm, which is reportedly used in the army. The ransomware is relatively new, and security researchers suspect it might be spreading through unpatched RDP vulnerabilities.

Victims are urged to install the TOR browser before contacting the crooks via the communication channels mentioned in the note. While the exact ransom amount depends on how fast victims contact the actors behind the ProLock Ransomware, the latter warn that they will only keep a working decryptor for one month.

Because of its PowerShell interference, the ProLock Ransomware may prove incredibly difficult to remove, even with a reputable anti-malware tool. Injecting code directly into system memory is practically a fileless infection, and it could potentially do significant further damage if left at large.
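
Since the loader runs in memory, the '.ProLock' extension and the ransom note name described above are the on-disk traces a responder can sweep for when scoping an incident. The following Python sketch is an added example, not part of the original article; the function names and the sample tree are constructed for illustration, and the note filename is matched exactly as this page spells it.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".prolock"               # extension from this page, lower-cased
NOTE_NAME = "how to recover files].txt"  # note name exactly as the page gives it

def sweep(root):
    """Summarise ProLock file-system indicators under root.

    'earliest_encrypted' is only a rough estimate of when encryption
    began, because file timestamps can be altered.
    """
    per_dir = Counter()   # directory -> number of files carrying the extension
    notes = []            # full paths of ransom notes found
    earliest = None       # (mtime, path) of the oldest renamed file seen
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            full = os.path.join(dirpath, name)
            lowered = name.lower()
            if lowered == NOTE_NAME:
                notes.append(full)
            elif lowered.endswith(ENCRYPTED_EXT):
                per_dir[dirpath] += 1
                try:
                    mtime = os.stat(full).st_mtime
                except OSError:
                    continue  # unreadable entry: still counted, just not timed
                if earliest is None or mtime < earliest[0]:
                    earliest = (mtime, full)
    return {"encrypted_total": sum(per_dir.values()),
            "encrypted_by_dir": dict(per_dir),
            "ransom_notes": sorted(notes),
            "earliest_encrypted": earliest}

def build_sample_tree(root):
    """Constructed sample data: two renamed files, one note, one untouched file."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    samples = [("report.docx.ProLock", 1584000000), ("budget.xlsx.PROLOCK", 1583990000),
               ("HOW TO RECOVER FILES].txt", 1584000100), ("clean.txt", 1500000000)]
    for name, mtime in samples:
        path = os.path.join(docs, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.utime(path, (mtime, mtime))
    return docs

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(sweep(tmp))
```

The per-directory counts show which shares or folders were reached, which helps decide what to restore from backup first.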
