
'Yourencrypter@protonmail.ch' Ransomware

Posted: August 6, 2018

The 'Yourencrypter@protonmail.ch' Ransomware is a variant of the Paradise Ransomware, a RaaS or Ransomware-as-a-Service family of file-locker Trojans. Infections may prevent you from opening different file types, particularly documents and other media, create text ransom notes, and change your desktop's background. All users affected by this threat should have their anti-malware program uninstall the 'Yourencrypter@protonmail.ch' Ransomware before using the data recovery solutions in this article.

Falling Back into a Crook's Paradise

Threat actors are testing a new version of 2017's Paradise Ransomware against threat databases, and are likely planning additional identity-obfuscating efforts to keep their Trojan concealed from well-known security brands. Since malware analysts are seeing no present-day attacks involving this update, the 'Yourencrypter@protonmail.ch' Ransomware, its threat actors may be planning on giving it more patches before releasing it into the wild. However, like most RaaS products, its file-locking and ransoming routines are feature-complete.

The 'Yourencrypter@protonmail.ch' Ransomware uses RSA encryption to 'lock' files in formats that Windows does not require for its basic stability, such as images, spreadsheets, documents or archives. In addition to this encrypting feature, which malware experts rated as being secure in the old versions of the Paradise Ransomware, the 'Yourencrypter@protonmail.ch' Ransomware also injects additional information (both a Base64 string and a separate number) into the file's internal data, which is new. The 'Yourencrypter@protonmail.ch' Ransomware's file-locking feature is relatively slow, but it offers no symptoms that would help users identify it until after the media lockdown occurs.

As a final function, the 'Yourencrypter@protonmail.ch' Ransomware changes the desktop's background to a ransom warning and creates a text file with its in-depth ransoming instructions. The in-progress version of the 'Yourencrypter@protonmail.ch' Ransomware is at risk of being decrypted by free solutions, and malware experts advise contacting reputable security researchers for unlocking your files if you have no other options. Always keep spare copies of any media that you run through a decryptor in case the application corrupts the data.

Another Way of Dodging the Fee for Digital Paradise

Although the 'Yourencrypter@protonmail.ch' Ransomware is more compatible with decryption research than older members of its family, it is also a work-in-progress that has yet to deploy itself against the public at large. A future 'Yourencrypter@protonmail.ch' Ransomware campaign could include more protection than previously for its data-locking feature, and not every version of the Paradise Ransomware is freely decryptable. As a precaution against such issues, malware experts recommend having backups that file-locker Trojans can't delete, encrypt, or corrupt, such as a cloud backup or a detachable USB.

The 'Yourencrypter@protonmail.ch' Ransomware's family is also notable for its distribution through RDP exploits and brute-force attacks, which take advantage of risky passwords and login credentials. Using longer passwords, refraining from sharing them between multiple accounts, and avoiding default ones will keep brute-force attempts at compromising your PC from succeeding. Professional anti-malware programs may also delete the 'Yourencrypter@protonmail.ch' Ransomware during other installation attempts, such as via a document vulnerability, or disinfect the system afterward.

The 'Yourencrypter@protonmail.ch' Ransomware is only its author's definition of 'paradise,' but it couldn't make money without the help of those whom it harms. A high-quality backup and a little due diligence regarding your network's security can turn the 'Yourencrypter@protonmail.ch' Ransomware's ransom-collecting account into a hell, instead.
