
PTP Ransomware

Posted: August 9, 2018

The PTP Ransomware is a Korean variant of Hidden Tear, a file-locking Trojan whose source code is available for 'educational' purposes. This threat can block various media formats on your computer and create text messages telling you to pay a ransom to recover them. Diligent backup schedules can defend your files against these attacks, and anti-malware products that handle Hidden Tear should have equally little trouble deleting the PTP Ransomware.

The Apple of a Criminal's Eye

In comparison to Russia, Europe or the US, South Korea isn't the most frequent target for file-locker Trojans, but malware researchers sometimes find campaigns running there, such as the BadRabbit Ransomware's family, the Hidden Tear remix of the KoreanLocker Ransomware, and the independent RansomAES Ransomware. Hidden Tear variants are especially common since HT's source code is freely available to the public. Now, it's giving the gift of another file-locking Trojan to Korean web surfers by the name of the PTP Ransomware.

The PTP Ransomware's threat actor, who refers to himself as 'KimApple,' is still developing this Trojan, which is dropping new ransoming messages and otherwise shows few changes from Utku Sen's old demo of Hidden Tear. After infecting Windows PCs, the PTP Ransomware scans multiple directories for Word documents, Excel spreadsheets, JPG pictures, and other media types that it encrypts with an AES algorithm, consequently 'locking' the files. The PTP Ransomware also appends its extension to their names (as an example, 'dogwood.jpg' becomes 'dogwood.jpg.PTPRansomware').
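The appended '.PTPRansomware' extension is the one concrete artifact the write-up gives, and it is enough for a simple post-infection triage check. The following is an added example, not code from the page or from the Trojan, that recovers the original file names from a listing and flags directories holding a cluster of renamed files (the sample listing and the threshold are constructed assumptions):

```python
import os
from collections import Counter
from pathlib import PureWindowsPath

# Extension the write-up reports the PTP Ransomware appending to encrypted files.
PTP_SUFFIX = ".PTPRansomware"


def find_ptp_encrypted(paths):
    """Return (original_path, encrypted_path) pairs for files carrying the PTP suffix.

    The original name is recovered by stripping the appended suffix, matching the
    page's example 'dogwood.jpg' -> 'dogwood.jpg.PTPRansomware'.
    """
    hits = []
    for p in paths:
        if p.endswith(PTP_SUFFIX) and len(p) > len(PTP_SUFFIX):
            hits.append((p[: -len(PTP_SUFFIX)], p))
    return hits


def flag_directories(paths, threshold=3):
    """Group hits by parent directory and return those with at least `threshold`
    renamed files. A cluster of renames in one folder is the signature of a
    file-locker run; a single stray match is more likely noise. `threshold` is an
    assumed tuning value, not something the write-up specifies."""
    counts = Counter(
        str(PureWindowsPath(enc).parent) for _, enc in find_ptp_encrypted(paths)
    )
    return {d: n for d, n in counts.items() if n >= threshold}


def scan_tree(root, threshold=3):
    """Walk a real directory tree and apply the same checks to every file in it."""
    paths = [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]
    return flag_directories(paths, threshold)


# Constructed sample listing; these are not paths from a real infection.
SAMPLE_LISTING = [
    r"C:\Users\alice\Pictures\dogwood.jpg.PTPRansomware",
    r"C:\Users\alice\Pictures\beach.jpg.PTPRansomware",
    r"C:\Users\alice\Pictures\family.png.PTPRansomware",
    r"C:\Users\alice\Documents\budget.xlsx.PTPRansomware",
    r"C:\Users\alice\Documents\notes.docx",
    r"C:\Users\alice\Documents\report.docx.PTPRansomware",
    r"C:\Windows\System32\drivers\etc\hosts",
]

if __name__ == "__main__":
    for original, encrypted in find_ptp_encrypted(SAMPLE_LISTING):
        print(f"{encrypted} -> {original}")
    print(flag_directories(SAMPLE_LISTING))
```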

KimApple is monetizing these attacks by dropping Notepad ransoming instructions (for now, into a 'test' folder) that provide a Discord contact for the ransoming negotiations. The Trojan gives the same directions in both Korean and English text, making the PTP Ransomware suitable for victims in South Korea and a broad range of other nations as well. Malware experts, while not recommending paying the ransom, have yet to find the PTP Ransomware in a publicly-releasable state and can't confirm any of its payment amounts or currencies.

Saving Korea's Files from a Freeware Invasion

Hidden Tear is a prolific and diverse family, because any random criminal can distribute a minor variant of it with no more than a few minutes of work. This Windows program, under a megabyte in size, may circulate through several infection vectors, the most likely of which are below:

  • Spam e-mails can include attachments with inaccurate names or embedded, unsafe content (in many cases, either a PDF or DOC-based exploit) for installing file-locker Trojans.
  • Brute-force attacks can give a threat actor like KimApple access to your server by compromising the login, with short and default credentials being highly vulnerable.
  • Exploit kits also are responsible for a minority of file-locking Trojans' distribution and can attack your PC after your browser loads a hostile website without any additional protection.
  • Some file-sharing networks also host threats of this classification, especially as files posing as in-demand downloads, such as AAA game cracks.

Your default Windows backups may or may not be available for restoring any data that this Trojan encrypts. Keeping backups up to date at secure locations can protect digital media from all threats of this category. Because of its changes to default Windows components, malware experts only recommend uninstalling the PTP Ransomware with a proper anti-malware product or the help of a trusted cyber-security specialist.

All regions with any significant financial activity and computer users are at risk from file-locker Trojans. The PTP Ransomware is no more than an updated memo to Korean Web surfers that they need to be just as careful as their counterparts in America, Japan or Britain.
