Promorad2 Ransomware

Posted: April 11, 2019

Promorad2 Ransomware Description

The Promorad2 Ransomware is a file-locker Trojan from the STOP Ransomware family. It disables recovery and repair-related Windows features while encrypting your files so that its operators can sell you the decryptor. Let your anti-malware products protect your PC by removing the Promorad2 Ransomware automatically, and keep safely stored backups so that file recovery doesn't depend on a compatible decryptor.

Another Promo of the STOP Ransomware is Getting Started

The STOP Ransomware, also known as the Djvu Ransomware (after the extension that one of its earliest variants used), is seeing constant abuse, with threat actors hiring out its features for file-locking attacks against different targets. One of the most recent of these threats, the Promorad2 Ransomware, is active in the wild, with victims in Peru providing samples of the Trojan's components and some of the files that it's locking. As usual, however, borders and other geolocational considerations don't restrict the Promorad2 Ransomware's payload.

The Promorad2 Ransomware's campaign is running alongside similarly dated ones from the same family, presumably run by other threat actors, which include the attacks of the Promock Ransomware, the Tronas Ransomware, the Grovat Ransomware, the Raldug Ransomware, and others. It could be attacking users randomly through torrents, which are a known infection vector for its family, although more file-locker Trojans prefer vectors such as maliciously crafted documents attached to e-mail, browser threats like the Neutrino Exploit Kit, or brute-force attacks. Users without security solutions for identifying it in time will have their files locked and encrypted by the Promorad2 Ransomware's payload.

The Promorad2 Ransomware includes offline and online variants of this file-sabotaging function, which makes documents and other media on the PC unreadable. Rather than testing each file one at a time, users can search for the 'promorad2' extension that it appends to tell which media is captive. The Promorad2 Ransomware may also remove Shadow Copy-based backups, preventing users from repairing anything.
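The extension search described above can be scripted for triage. The following is an added example, not code from the original article: it inventories files carrying the appended extension, recovers each original name and type, and reports the modification-time window. It assumes the modification time approximates when a file was rewritten, and the sample tree it builds is constructed placeholder data.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_EXT = ".promorad2"  # extension the article says is appended to locked files

def inventory_locked(root, ext=LOCKED_EXT):
    """Return one record per file under root whose name ends with ext."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if not name.lower().endswith(ext):  # case-insensitive match
                continue
            original = name[: -len(ext)]  # name before the extension was appended
            path = Path(dirpath) / name
            try:
                mtime = path.stat().st_mtime
            except OSError:  # unreadable entry: still count it
                mtime = None
            hits.append({
                "path": str(path),
                "original_name": original,
                "original_type": Path(original).suffix.lower() or "(none)",
                "mtime": mtime,
            })
    return hits

def summarize(hits):
    """Counts per original type and folder, plus the modification-time window."""
    times = [h["mtime"] for h in hits if h["mtime"] is not None]
    return {
        "total": len(hits),
        "by_type": Counter(h["original_type"] for h in hits),
        "by_dir": Counter(str(Path(h["path"]).parent) for h in hits),
        "first_modified": min(times) if times else None,  # assumed start of the window
        "last_modified": max(times) if times else None,
    }

def build_sample_tree(root):
    """Constructed sample data: empty placeholder files, no real content."""
    for rel in ("docs/report.docx.promorad2", "docs/budget.xlsx.promorad2",
                "docs/notes.txt", "pics/photo.JPG.PROMORAD2", "pics/README.promorad2"):
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(inventory_locked(tmp)))
```

The per-folder counts show which backups need restoring first, and the time window gives a range to correlate with mail, download and logon records.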

An Easy Stopping Point for a STOP Ransomware Revamp

Like most Ransomware-as-a-Service entities, the Promorad2 Ransomware's family is in the hands of various criminals who can pay but have no means of programming a file-locking Trojan by themselves. This third-party factor injects significant uncertainty into determining how the Promorad2 Ransomware circulates. Malware researchers advise being highly cautious around the infection vectors that are most common to file-locking Trojans overall, which consist of all of the below:

  • E-mail messages, especially documents and other attachments, may carry Trojan droppers or downloaders for installing this threat.
  • Free download resources may pass the Promorad2 Ransomware's installer off as an executable crack for a game, a movie, or other illegally distributed content.
  • Exploit kits can distribute the Promorad2 Ransomware by abusing software vulnerabilities through your Web browser, particularly via JavaScript or Flash.

Besides all of the above risks, site and network administrators are in danger of targeted brute-force attacks that may crack logins with unsafe passwords. 'Unsafe' includes both simple strings ('password123,' for example) and factory-default ones. Users will require backups for file recovery unless an offline decryptor for the Promorad2 Ransomware variant appears, but most anti-malware products should stop and uninstall the Promorad2 Ransomware appropriately.

Even when they're so easily reproduced and administered by new faces, ransoms for your files aren't a joke. Doing your part to put down the Promorad2 Ransomware's portion of the RaaS industry calls for good backup software, due diligence and little else.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Promorad2 Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.


Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
