Home Malware Programs Ransomware Promock Ransomware

Promock Ransomware

Posted: March 8, 2019

The Promock Ransomware is an update to the family of the STOP Ransomware (AKA Djvu Ransomware) that blocks your files with either an online or offline-based encryption routine. Back your work up to other, secure devices for eliminating the leverage of its attacks, which aren't always reversible with free, public solutions. Most anti-malware programs, also, can protect your PC by disabling, quarantining or uninstalling the Promock Ransomware as necessary.

Trojans Making a Mockery of Your Files

A new version of the small but persistent family of the STOP Ransomware is off to South America at the same time as other threats from the group target nearby regions. Although unlocking solutions from the cyber-security industry are getting updates for this build, the Promock Ransomware, data recovery, as usual, has sharp limitations and isn't a substitute for backing up your work. Its campaign is live and has at least one victim, so far, although no ransom payments are traceable.

The Promock Ransomware is targeting Venezuelans simultaneously as its fellow variant, the Promorad Ransomware, does the same with Colombians. These attacks are the current in a series of examples from its file-locker Trojan family, however, which goes back as far as 2018 with members like the '.WHY File Extension' Ransomware, the INFOWAIT Ransomware and the '.PUMA File Extension' Ransomware. Infection strategies that malware experts recommend guarding against include brute-forcing non-secure passwords for server logins and spam e-mails that could carry the Trojan or its dropper via attachments.

If the Promock Ransomware contacts its C&C server while it's encrypting the files, it retrieves a custom RSA key for securing them. The victims' best hopes of decrypting and restoring their images, documents, and other media files directly lie in disabling network access in time, which causes the Promock Ransomware to fall back to a static, internal key. Only in this limited case can malware experts confirm the possibility of recovering any of the files that the Promock Ransomware locks by using the public STOPDecrypter.

Taking the Fun Out of Database Mocking

Since it's unlikely that most victims will disable their connections in time to interfere with the Promock Ransomware's payload, the users should depend on other, prevention-based security countermeasures. Malware experts encourage backing up media to other devices that aren't network-accessible to any file-locker Trojans especially. Other steps worth taking for your PC's safety include:

  • Avoid enabling Word macros or browser JavaScript, Flash, and Java, which are possible vulnerabilities for non-consensual downloads.
  • Use login combinations that aren't weak to brute-force attacks that can estimate simple or factory-setting passwords.
  • Monitor features like your firewall ports and RDP for weaknesses that could let a remote attacker take control of your PC.

Criminals not introducing Trojans of this type manually will, often, use financial document-themed tactics for tricking a victim into opening a corrupted file. Anti-malware software that's compatible with Windows environments should eliminate the Promock Ransomware automatically or uninstall it, even if they can't decrypt your media.

The only thing that's stopping the STOP Ransomware offspring like the Promock Ransomware is the steadfast security protocols of the people that they're targeting. It's never too late to back your files up, assuming that they're worth paying money for recovering.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Promock Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.