
Promock Ransomware

Posted: March 8, 2019

The Promock Ransomware is an update to the STOP Ransomware family (AKA Djvu Ransomware) that blocks your files with either an online or offline-based encryption routine. Back your work up to other, secure devices to eliminate the leverage of its attacks, which aren't always reversible with free, public solutions. Most anti-malware programs can also protect your PC by disabling, quarantining or uninstalling the Promock Ransomware as necessary.

Trojans Making a Mockery of Your Files

A new version of the small but persistent STOP Ransomware family is off to South America at the same time as other threats from the group target nearby regions. Although unlocking solutions from the cyber-security industry are getting updates for this build, the Promock Ransomware, data recovery has sharp limitations, as usual, and isn't a substitute for backing up your work. Its campaign is live and has at least one victim so far, although no ransom payments are traceable.

The Promock Ransomware is targeting Venezuelans at the same time as its fellow variant, the Promorad Ransomware, does the same with Colombians. These attacks are the latest in a series of examples from its file-locker Trojan family, however, which goes back as far as 2018 with members like the '.WHY File Extension' Ransomware, the INFOWAIT Ransomware and the '.PUMA File Extension' Ransomware. Infection strategies that malware experts recommend guarding against include brute-forcing non-secure passwords for server logins and spam e-mails that could carry the Trojan or its dropper via attachments.

If the Promock Ransomware contacts its C&C server while it's encrypting the files, it retrieves a custom RSA key for securing them. The victims' best hopes of decrypting and restoring their images, documents, and other media files directly lie in disabling network access in time, which causes the Promock Ransomware to fall back to a static, internal key. Only in this limited case can malware experts confirm the possibility of recovering any of the files that the Promock Ransomware locks by using the public STOPDecrypter.

Taking the Fun Out of Database Mocking

Since it's unlikely that most victims will disable their connections in time to interfere with the Promock Ransomware's payload, users should depend on other, prevention-based security countermeasures. Malware experts especially encourage backing up media to other devices that aren't network-accessible to any file-locker Trojans. Other steps worth taking for your PC's safety include:

  • Avoid enabling Word macros or browser JavaScript, Flash, and Java, which are possible avenues for non-consensual downloads.
  • Use login combinations that aren't weak to brute-force attacks, which can guess simple or factory-default passwords.
  • Monitor features like your firewall ports and RDP for weaknesses that could let a remote attacker take control of your PC.
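
The following added example, which is not part of the original article, shows one way to watch for the brute-force logon attempts that the steps above guard against: it counts failed remote logons per source address in a sliding window and marks sources where a successful logon followed the burst. The record layout, the sample events, and the threshold and window values are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, Windows Security event ID,
# logon type, source address. 4625 = failed logon, 4624 = successful logon;
# type 10 = RemoteInteractive (RDP), type 3 = Network (RDP with NLA).
SAMPLE_EVENTS = """\
2019-03-08T02:10:01,4625,3,203.0.113.7
2019-03-08T02:10:09,4625,3,203.0.113.7
2019-03-08T02:10:17,4625,3,203.0.113.7
2019-03-08T02:10:25,4625,3,203.0.113.7
2019-03-08T02:10:40,4624,10,203.0.113.7
2019-03-08T03:00:00,4625,10,198.51.100.20
2019-03-08T03:00:20,4625,10,198.51.100.20
2019-03-08T03:00:40,4625,10,198.51.100.20
2019-03-08T03:01:00,4625,10,198.51.100.20
2019-03-08T08:59:50,4625,10,192.0.2.15
2019-03-08T09:00:05,4624,10,192.0.2.15
2019-03-08T10:00:00,4625,3,192.0.2.30
2019-03-08T10:10:00,4625,3,192.0.2.30
2019-03-08T10:20:00,4625,3,192.0.2.30
2019-03-08T10:30:00,4625,3,192.0.2.30
"""
REMOTE_LOGON_TYPES = {"3", "10"}

def parse_events(text):
    """Yield (time, event_id, source) for remote logon events only."""
    for line in text.strip().splitlines():
        stamp, event_id, logon_type, source = line.strip().split(",")
        if logon_type in REMOTE_LOGON_TYPES and event_id in ("4624", "4625"):
            yield datetime.fromisoformat(stamp), event_id, source

def detect_bruteforce(text, threshold=4, window=timedelta(minutes=2)):
    """Map each source whose failures reach `threshold` inside `window` to
    "attempted", or "succeeded" if a successful logon followed the burst."""
    failures = defaultdict(deque)  # source -> times of recent failures
    findings = {}
    for when, event_id, source in sorted(parse_events(text)):
        recent = failures[source]
        while recent and when - recent[0] > window:
            recent.popleft()  # drop failures that fell out of the window
        if event_id == "4625":
            recent.append(when)
            if len(recent) >= threshold:
                findings.setdefault(source, "attempted")
        elif source in findings:
            findings[source] = "succeeded"  # highest priority: likely compromise
    return findings

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_EVENTS))
```

A source marked "succeeded" warrants immediate isolation of the host and a password reset, since the file-locking payload would follow the logon.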

Criminals who aren't introducing Trojans of this type manually will often use financial document-themed tactics for tricking a victim into opening a corrupted file. Anti-malware software that's compatible with Windows environments should eliminate the Promock Ransomware automatically or uninstall it, even if it can't decrypt your media.

The only thing that's stopping STOP Ransomware offspring like the Promock Ransomware is the steadfast security protocols of the people that they're targeting. It's never too late to back your files up, assuming that they're worth paying money to recover.
