'prusa@rape.lol ' Ransomware

The 'prusa@rape.lol' Ransomware is a part of the RotorCrypt Ransomware family, a group of file-locking Trojans that encrypts digital media with a secure RSA algorithm. Besides they not opening, any affected files will have significant changes to their names, including new extensions. PC users should back their work up for keeping it safe from attacks and use anti-malware utilities as appropriate for removing the 'prusa@rape.lol' Ransomware or preventing installation exploits.

An Aggressive Assault on Your Files

Threat actors are using a morbid variant of Cock.li's free e-mail service, which they're coupling with a new version of the RotorCrypt Ransomware, for getting ransoms out of locking files. The threat, the 'prusa@rape.lol' Ransomware, can endanger media of the usual formats (such as Word DOC documents or JPG pictures) by encrypting them and adds name edits for enhancing their visibility. The victim, then, has the choice of paying the ransoming demands in its message or retrieving their files in some other way – or allowing their effective destruction.

The 'prusa@rape.lol' Ransomware's family is a historical outlier for its attacking Russian residents and delivering appropriate ransom notes for that country although it also has English translations for any victims living elsewhere. Like close relatives such as the 'nautilus369alarm@gmail.com' Ransomware, the Panama1@tutamail.com Ransomware, the Starbax@tutanota.com Ransomware, and the 'Blacknord@tutanota.com' Ransomware, it blocks the victim's media files with RSA encryption. This secure encryption method includes an unlocking key that the threat actor owns, who sells it for a ransom.

The 'prusa@rape.lol' Ransomware inserts 'prus' extensions and the e-mail from its name (which it encloses with multiple exclamation points) into the filenames for identifying, along with dropping an 'informprus' text file. The latter contains its ransoming instructions, which include using TOR for communicating with the criminal discreetly. No ransom numbers are traceable, so far, and malware experts can't confirm whether or not the 'prusa@rape.lol' Ransomware's admin is following through on his threat of deleting the unlocking information after one week.

Taking a Self-Defense Class for Your Files

The RotorCrypt Ransomware family has no free decryption solutions, although a Russia-oriented AV vendor is offering premium file recovery assistance. Under ordinary circumstances, users will need backups that the 'prusa@rape.lol' Ransomware hasn't erased or encrypted for recovering any of their files. USB, CD or DVD storage, or cloud services are some of the options that malware experts are recommending as effective against file-locking Trojans, including the RotorCrypt Ransomware members like the 'prusa@rape.lol' Ransomware, and its hundreds of competitors.

The 'prusa@rape.lol' Ransomware's campaign may be targeting server administrators by compromising their accounts through the brute-forcing of their passwords and related login information. Besides maintaining careful login security, users can implement protective steps such as scanning e-mail downloads and URLs before opening them and disabling Web-browsing features that are highly exploitable, such as Flash. Most anti-malware programs should delete the 'prusa@rape.lol' Ransomware after identifying it as a threat but can't undo its encryption.

The 'prusa@rape.lol' Ransomware is one of many, file-locking Trojans using an especially tasteless e-mail option for adding insult to the injury of harming your media. Unquestionably, however, anyone who's in a position of taking offense to the 'prusa@rape.lol' Ransomware's ransoming attempts are putting themselves in it by not keeping their files in proper storage conditions.