PTP Ransomware

Posted: August 9, 2018

PTP Ransomware Description

The PTP Ransomware is a Korean variant of Hidden Tear, a file-locking Trojan whose source code is available for 'educational' purposes. This threat is capable of blocking various formats of media on your computer and creating text messages telling you to pay a ransom for recovering them. Diligent backup schedules can defend your files against these attacks, and anti-malware products that already handle Hidden Tear should have equally few issues deleting the PTP Ransomware.

The Apple of a Criminal's Eye

In comparison to Russia, Europe or the US, South Korea isn't the most frequent target for file-locker Trojans, but, sometimes, malware researchers find campaigns running in it, such as the BadRabbit Ransomware's family, the Hidden Tear remix of the KoreanLocker Ransomware, and the independent RansomAES Ransomware. Hidden Tear variants are especially common since HT's source code is freely available to the public. Now, it's giving the gift of another file-locking Trojan to Korean web surfers by the name of the PTP Ransomware.

The PTP Ransomware's threat actor, who refers to himself as 'KimApple,' is still developing this Trojan, which is dropping new ransoming messages and, otherwise, showing few changes from Utku Sen's old demo of Hidden Tear. After infecting Windows PCs, the PTP Ransomware scans multiple directories for Word documents, Excel spreadsheets, JPG pictures, and other media types that it encrypts with an AES algorithm, consequently 'locking' the files. The PTP Ransomware also appends its extension to their names (as an example, 'dogwood.jpg' becomes 'dogwood.jpg.PTPRansomware').

KimApple is monetizing these attacks by dropping Notepad ransoming instructions (for now, into a 'test' folder) that provide a Discord contact for the ransoming negotiations. The Trojan gives the same directions in both Korean and English text, making the PTP Ransomware appropriate for any victims in South Korea and a broad range of other nations, as well. Malware experts, while not recommending paying the ransom, have yet to find the PTP Ransomware in a publicly-releasable state and can't confirm any of its payment amounts or currencies.
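The rename pattern above (a fixed suffix appended after the original extension) is the one artifact a responder can inventory immediately. The following triage script is an added example, not code from the original post or from the Trojan's author: it walks a directory listing, recovers each locked file's original name, and tallies the affected media types so the scope of a PTP Ransomware incident can be estimated before restoring from backup. The extension-to-type mapping and the sample listing are constructed for illustration.

```python
import os
from typing import Dict, Iterable, List, NamedTuple

# Suffix the PTP Ransomware appends, per the write-up
# ('dogwood.jpg' becomes 'dogwood.jpg.PTPRansomware').
LOCK_SUFFIX = ".PTPRansomware"

# Media types the write-up names as targets; the concrete extensions
# standing for them are an assumption made for this summary.
MEDIA_TYPES = {
    ".doc": "Word document", ".docx": "Word document",
    ".xls": "Excel spreadsheet", ".xlsx": "Excel spreadsheet",
    ".jpg": "JPG picture", ".jpeg": "JPG picture",
}

class LockedFile(NamedTuple):
    locked_path: str      # path as found on disk
    original_name: str    # file name with the ransom suffix stripped
    media_type: str       # human-readable type for the triage summary

def classify_paths(paths: Iterable[str]) -> List[LockedFile]:
    """Return every path carrying the PTP suffix, with its original name recovered."""
    found = []
    for path in paths:
        if not path.endswith(LOCK_SUFFIX):
            continue                      # untouched file or the ransom note itself
        original = path[: -len(LOCK_SUFFIX)]
        base_ext = os.path.splitext(original)[1].lower()
        found.append(LockedFile(path, os.path.basename(original),
                                MEDIA_TYPES.get(base_ext, "other")))
    return found

def summarize(locked: Iterable[LockedFile]) -> Dict[str, int]:
    """Count locked files per media type for a quick impact estimate."""
    counts: Dict[str, int] = {}
    for item in locked:
        counts[item.media_type] = counts.get(item.media_type, 0) + 1
    return counts

def scan_directory(root: str) -> List[LockedFile]:
    """Walk a tree (e.g. a mounted image of the infected PC) and triage it."""
    all_paths = (os.path.join(dirpath, name)
                 for dirpath, _, names in os.walk(root) for name in names)
    return classify_paths(all_paths)

# Constructed sample listing (not real victim data), forward slashes for portability.
SAMPLE_LISTING = [
    "/mnt/victim/Pictures/dogwood.jpg.PTPRansomware",
    "/mnt/victim/Documents/budget.xlsx.PTPRansomware",
    "/mnt/victim/Documents/notes.docx.PTPRansomware",
    "/mnt/victim/Documents/untouched.txt",
    "/mnt/victim/test/ransom_note.txt",   # the dropped instructions are not renamed
]
```

Run `scan_directory()` against a copy of the affected volume rather than the live system, and keep the resulting list alongside the backup restore plan as the record of what the Trojan touched.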

Saving Korea's Files from a Freeware Invasion

Hidden Tear is a prolific and diverse family, because any random criminal can distribute a minor variant of it with no more than a few minutes of work. This sub-megabyte Windows program may circulate through several infection vectors, the most likely of which are below:

  • Spam e-mails can include attachments with inaccurate names or embedded, unsafe content (in many cases, either a PDF or DOC-based exploit) for installing file-locker Trojans.
  • Brute-force attacks can give a threat actor like KimApple access to your server by compromising the login, with short and default credentials being highly vulnerable.
  • Exploit kits also are responsible for a minority of file-locking Trojans' distribution and can attack your PC after your browser loads a hostile website without any additional protection.
  • Some file-sharing networks also host threats of this classification, especially as files that pretend to be in-demand downloads, such as AAA game cracks.

Your default Windows backups may or may not be available for restoring any data that this Trojan encrypts. Keeping backups up to date at secure locations can protect digital media from all threats of this category. Because of its changes to default Windows components, malware experts only recommend uninstalling the PTP Ransomware with a proper anti-malware product or the help of a trusted cyber-security specialist.

All regions with any significant financial activity and computer users are at risk from file-locker Trojans. The PTP Ransomware is no more than an updated memo to Korean Web surfers that they need to be just as careful as their counterparts in America, Japan or Britain.
