The Prometey Ransomware is a new malware threat that gots public attention in the cybersecurity world since the beginning of October 2019. It exhibits the classic capabilities and features of a ransomware infection by encrypting files on victims’ computers through the AES encryption algorithm and demanding the payment of a ransom in exchange for a decryption key. The encrypted files include images, video and audio files, text documents, backups and banking data.
The Ransom Note
A text file whose name consists of a victim-specific ID , followed by “-help.txt,” contains the ransom note, and explains that the victim’s data has been locked. The attackers also threaten to delete the affected files if the user reloads the operating system or tries to remove Prometey from the computer. The purchase of the decryptor is supposed to be conducted over the Tor browser, while the payment is required in Bitcoins.
How the Prometey Ransomware is Disseminated
The Prometey Ransomware distribution channels include unprotected RDP protocols, spam e-mail campaigns, infected attachments, corrupted links on the Internet, fake software updates and many others. The ransomware secures its persistence by adding its own entries in the Windows Registry and creating compromised processes in the operating system. Some researchers claim that Prometey resembles AnteFrigus Ransomware in the way the ransom note is written, as well as in that it adds random extensions to the locked files.
Also, when used incorrupted ad campaigns, the Prometey Ransomware redirects the users to the RIG Exploit Kit. The Prometey Ransomware also can be programmed to erase the Windows Shadow Volume Copies, and the decryption key is saved on a remote server controlled by the attackers, so the removal of this infection and the data recovery should be performed only by experienced PC users, or through an automated removal tool.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Prometey Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.