
Promos Ransomware

Posted: February 28, 2019

The Promos Ransomware is a variant of the STOP Ransomware, or the Djvu Ransomware, a file-locking Trojan that encrypts content such as documents or pictures to block access to them, changes their extensions, and creates ransom messages in text files. Users should, if possible, keep backups to protect their media from these attacks, which, in this case, are irreversible without the threat actor's decryption help. Anti-malware protection can also be valuable for deleting the Promos Ransomware before it starts attacking, or for disinfecting an already-compromised PC.

The STOP Ransomware isn't Stopping Today

The STOP Ransomware isn't a very fast-moving family in comparison to the Scarab Ransomware or other threats with more devoted developers and criminal clientele. While its development is nearly stagnant, new versions of the STOP Ransomware offer similarly unbreakable attacks that encrypt and lock the files most valuable to their victims. A new version, the Promos Ransomware, is using infection methods that compromise PC users in the rarely-targeted Bangladesh, although it's unlikely that this upstart limits itself to that specific country.

The Promos Ransomware's encryption impacts most commonly-used formats of digital media, such as Word and PDF documents, Notepad text files, JPG or GIF pictures, archives, databases and video. The Promos Ransomware adds an identifying 'promos' extension to the names of the files it locks, which users can search for as a means of determining what content the Trojan has locked. Its only other symptom is the creation of a Notepad readme file with its ransom instructions.

Malware experts continue to rate the cipher in use here as non-decryptable without the custom information that only the threat actors can offer. If the threat actors are willingly providing free samples, as with the old versions of the STOP Ransomware's family, users can take advantage of that option without any fear, although paying the ransom isn't a safe choice under any circumstances. Typical ransom demands from file-locker Trojans' campaigns are between several hundred and a thousand dollars, and come with no promise of any future decryption help.

A Stopping Point that All File-Locker Trojans Have to Respect

Users should have backups for the most efficient recovery possible of any files, but may also use advanced data-repair options, such as ShadowExplorer, as a last resort. Backups should have a robust layer of security between them and any Internet-connected devices through which threats like the Promos Ransomware could attack, such as unique login credentials and a requirement for admin privileges. Protecting PCs from the Promos Ransomware includes scanning all files with proper security software, disabling possibly-unsafe features like Java, Word macros or RDP, and avoiding file-sharing sources with high infection rates, such as torrents and strange e-mail attachments.
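The extension search described earlier and the backup advice above can be combined into one read-only triage pass, shown here as an added example that is not part of the original article. It assumes a backup tree that mirrors the layout of the affected folder; the function names and the sample files are hypothetical and constructed for the demonstration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".promos"  # the identifying extension named in this article


def find_locked(root):
    """Yield (locked_path, original_relative_path) for each *.promos file under root."""
    root = Path(root)
    # Unreadable directories are skipped rather than aborting the whole scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower().endswith(LOCKED_SUFFIX) and len(name) > len(LOCKED_SUFFIX):
                locked = Path(dirpath) / name
                original = locked.with_name(name[: -len(LOCKED_SUFFIX)])
                yield locked, original.relative_to(root)


def triage(root, backup_root):
    """Count locked files by original type and split them by backup coverage.

    Assumption: backup_root mirrors the directory layout of root.
    Nothing is modified, renamed or deleted.
    """
    by_type = Counter()
    restorable, missing = [], []
    for _locked, rel in find_locked(root):
        by_type[rel.suffix.lower() or "(none)"] += 1
        has_copy = (Path(backup_root) / rel).is_file()
        (restorable if has_copy else missing).append(rel)
    return by_type, sorted(restorable), sorted(missing)


def demo():
    """Build a constructed sample tree in a temporary directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = Path(tmp, "data"), Path(tmp, "backup")
        for rel in ("docs/report.docx.promos", "docs/notes.txt", "pics/cat.JPG.promos"):
            path = data / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed sample")
        (backup / "docs").mkdir(parents=True)
        (backup / "docs" / "report.docx").write_bytes(b"clean copy")
        return triage(data, backup)


if __name__ == "__main__":
    by_type, restorable, missing = demo()
    print("locked by original type:", dict(by_type))
    print("clean copy in backup:", [p.as_posix() for p in restorable])
    print("no backup copy found:", [p.as_posix() for p in missing])
```

The "no backup copy found" list is the set of files for which last-resort options are the only remaining route.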

The Promos Ransomware, along with every other member of the STOP Ransomware's family, is a Windows-based program and can run in most versions of the OS. Malware experts discourage assuming that its attacks will cause any visually-evident side effects while the locking procedure is ongoing; in most cases, file-locking Trojans confine all of their encryption features to process-injected or otherwise-hidden routines. However, a reputable anti-malware program should remove the Promos Ransomware on sight as soon as the Trojan infiltrates the system.

Statistically, it will be an unusual development if Bangladesh remains the only nation that the Promos Ransomware attacks. Ordinarily, file-locking Trojans circulate throughout the world, and users everywhere should prepare their safety measures with that fact in mind.
