'yoursalvations@protonmail.ch' Ransomware

Posted: November 26, 2018

'yoursalvations@protonmail.ch' Ransomware Description

The 'yoursalvations@protonmail.ch' Ransomware is a new release from the Everbe@airmail.cc Ransomware family that uses an updated ransom note and extension. The 'yoursalvations@protonmail.ch' Ransomware blocks your files through multiple methods, such as the AES or DES algorithms, which it secures with another layer of the RSA encryption. Save your backups to other devices for recovering media and use anti-malware products for deleting the 'yoursalvations@protonmail.ch' Ransomware safely.

A Salvation that's not Worth the Price

Releases of the Everbe@airmail.cc Ransomware, one of the lesser families of Ransomware-as-a-Service Trojans, are maintaining a steady stream of media-endangering campaigns, with one or two new variants verifiable each month. Just after the latest versions, such as the 'everest@airmail.cc' Ransomware, the NOT_OPEN_LOCKER Ransomware, the notopen@cock.li Ransomware and the '.divine File Extension' Ransomware, malware researchers noted one more, for November. The 'yoursalvations@protonmail.ch' Ransomware is targeting the media of multiple regions around with the world appropriate language support.

The 'yoursalvations@protonmail.ch' Ransomware can be set up for locking files with multiple encryption standards, although a typical procedure involves the AES and RSA. The 'yoursalvations@protonmail.ch' Ransomware blocks documents, pictures, and similar media formats in locations such as the desktop and downloads folder, and may, also, encrypt any unprotected network shares. The e-mail in its name is one of two that the Trojan appends to these locked files, instead of the normal format of a bracketed e-mail and a random word (such as 'locked') as the new extension.

Although the 'yoursalvations@protonmail.ch' Ransomware also generates a pop-up window for a ransom note, the message doesn't give a price for its decryptor. The use of multiple-language support, while being something that malware researchers see in other campaigns (for example, the Hidden Tear's Genocheats Ransomware), is notable for being a built-in feature of the window. Being capable of delivering instructions in French, Italian, Spanish, and English adds flexibility to the file-locking Trojan's campaign equally but doesn't give its premium unlocking services any additional credibility.

Saving Yourself from All-Too-Common Trojans

File-locking Trojans like the 'yoursalvations@protonmail.ch' Ransomware, remove any local backups that they can find while they're locking your files frequently, but not universally. These attacks are, accordingly, best mitigated by the existence of backed up media on other devices, either portable or cloud-accessed ones. Although there is a decryption utility that's compatible with some versions of this family of file-locker Trojans, it does require samples of both encrypted and unencrypted files for finding the encryption key.

Some of the measures by which threats of this type spread, and means of defending your PC against them, include:

  • Brute-force software can estimate login credentials and give remote attackers access to your network. Use passwords and usernames that abide by traditional security metrics for your account's protection.
  • Spam e-mails are prominent infection strategy for business sector-based targets and can include general-interesting disguises, such as news reports or ones that are specific to the company or employee. Scan your e-mail attachments before opening them with appropriate security tools, and be careful about enabling advanced document content.
  • Exploit kits are, sometimes, recruited for distributing file-locker Trojans. PCs with outdated software are more at risk from their drive-by-downloads, as are browsers with Flash, Java, or JavaScript enabled by default.

Users, also, may protect their PCs by having Windows-compatible anti-malware products identify and delete the 'yoursalvations@protonmail.ch' Ransomware, which they should do automatically.

The fact that the 'yoursalvations@protonmail.ch' Ransomware isn't restricting its victims to one country or another isn't remarkable but is a point worth mentioning. Anyone believing that where they live will protect their computers against threat actors who don't care how they make their money may find themselves getting an unhappy wakeup call.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to 'yoursalvations@protonmail.ch' Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware 'yoursalvations@protonmail.ch' Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.