
'secureserver-eu@protonmail.com' Ransomware

Posted: February 21, 2019

The 'secureserver-eu@protonmail.com' Ransomware is a file-locking Trojan that pretends that it's a legal program of Proton Technologies AG, a company that runs an end-to-end encrypted e-mail service. This threat is a part of the GarrantyDecrypt Ransomware family and illicitly locks your media files for ransom. Keep backups on other PCs or storage devices so that you can restore your files easily, and use anti-malware tools for deleting the 'secureserver-eu@protonmail.com' Ransomware when necessary.

The GarrantyDecrypt Ransomware Gets a Proton-Themed Update

Old forms of ransom-based threats, such as screen-locker Trojans, tended to emphasize tricking their victims with tactics such as pretending that the attack is a lawful action from the nation's police force. While such techniques are falling by the wayside, some of the latest file-locking Trojans do use them. The 'secureserver-eu@protonmail.com' Ransomware offers a sample of just how such attacks could lead to users paying ransoms, thinking that it's a legal requirement for getting their files back.

The 'secureserver-eu@protonmail.com' Ransomware is nothing more than a variant of the GarrantyDecrypt Ransomware, a Trojan that malware experts also witness splitting off into versions like the COSANOSTRA Ransomware and the 'decryptgarranty@airmail.cc' Ransomware. Like most file-locker Trojans, it uses a secure encryption routine (in this case, with an RSA algorithm) for locking the documents, pictures, archives and other files on Windows computers. The 'secureserver-eu@protonmail.com' Ransomware may add other symptoms, such as changing extensions on the files' names or swapping out the desktop's wallpaper, although these cosmetics are optional.

What makes the 'secureserver-eu@protonmail.com' Ransomware different from most versions of the GarrantyDecrypt Ransomware is the text of the ransom note. This file pretends that the 'secureserver-eu@protonmail.com' Ransomware is a service related to ProtonMail and is protecting your files from theft after a security breach that requires users to change their login information. The threat actors are bolstering their chances of ransoming success by asking for money in the name of a legitimate company – one that does, in fact, traffic in encryption technology.

Bolstering Your Defenses Ahead of a Trojan's Update Cycle

The 'secureserver-eu@protonmail.com' Ransomware shows more technical details that imply that the maintainer is making real changes to the family's payloads, such as altering the file marker it implants into the data of what it blocks. However, users can defend against the most critical symptoms by doing little other than keeping spares of their files on cloud services, extra USB drives or other backup locations. Malware experts warn that free decryption solutions for the 'secureserver-eu@protonmail.com' Ransomware's family aren't expected to become publicly available in the future without breakthroughs or bugs.

Corrupted e-mail attachments and brute-force attacks that crack weak logins are some of the most traditional ways through which file-locker Trojans get access to PCs. In the latter case, threat actors may launch the Trojan automatically, after granting themselves admin-level access and further control through RDP features. Standard anti-malware programs are having few problems with detecting and removing the 'secureserver-eu@protonmail.com' Ransomware, however, assuming that the users scan their downloads and take other precautions as necessary.

While malware experts don't have hard data on the 'secureserver-eu@protonmail.com' Ransomware's infection tactics, they do have statistics on its already being in the wild. It's never too soon to back up your files, particularly when a new Trojan is out and about.
