Decrypt Protect Ransomware

By Domesticus in Ransomware

Threat Scorecard

Threat Level: 50 % (Medium)
Infected Computers: 42
First Seen: May 14, 2013
Last Seen: October 1, 2022
OS(es) Affected: Windows

The Decrypt Protect Ransomware infection is one of many variants of the well-known Police Ransomware Trojans, a family that includes all the known variants of the FBI Moneypak scam and a particularly nasty Winlocker ransomware Trojan known as Spamhaus ransomware. However, the Decrypt Protect Ransomware attack includes a component that is not common in other variants of this scam. The Decrypt Protect Ransomware encrypts files and changes their extension so that opening them leads computer users to a website containing its ransom message. Rather than displaying a start-up message and blocking access to the victim's computer completely, Decrypt Protect Ransomware uses a more exhaustive approach to extort money from computer users.

The Decrypt Protect Ransomware infection is closely related to the many variants of the FBI MoneyPak ransomware, despite the fact that it uses a different method to extract its ransom from its victims. The Decrypt Protect Ransomware infection will detect files on the victim's computer that match certain parameters. It will usually affect files that may have value to the victim, such as images, spreadsheets and text documents. Once it has identified these files, the Decrypt Protect Ransomware encrypts them so that they are no longer accessible. We have observed these types of attacks before. However, the Decrypt Protect Ransomware infection adds an additional step: this ransomware Trojan adds the HTML extension to encrypted files so that they will be opened by a Web browser. When computer users try to access an encrypted file, their Web browser will open a Web page containing the Decrypt Protect Ransomware's ransom message. It is important to note that the Decrypt Protect Ransomware encryption will not target files in TIFF format.
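A triage sketch for the file behaviour described above, added here as an example and not taken from the original write-up: it walks a directory tree and reports folders holding several files whose names carry a document or image extension followed by `.html`. It assumes the HTML extension is appended to the original file name (the page does not say whether it is appended or substituted); the extension list, the threshold of three files per folder and the sample tree are illustrative and constructed.

```python
import os
import tempfile
from pathlib import Path

# Assumed set of "valuable" types; the page names only images, spreadsheets and text documents.
DOC_EXTS = {".jpg", ".jpeg", ".png", ".bmp", ".gif", ".xls", ".xlsx",
            ".csv", ".doc", ".docx", ".txt", ".rtf", ".pdf"}
SKIPPED_EXTS = {".tif", ".tiff"}   # the page states TIFF files are not targeted
HTML_EXTS = {".html", ".htm"}


def is_suspect(name):
    """True for names like budget.xlsx.html: a document extension followed by an HTML one."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    if len(suffixes) < 2 or suffixes[-1] not in HTML_EXTS:
        return False                # ordinary .html pages have no inner extension
    inner = suffixes[-2]
    return inner in DOC_EXTS and inner not in SKIPPED_EXTS


def scan(root, min_per_dir=3):
    """Return {directory: [suspect names]} for folders with at least min_per_dir hits.

    One stray report.pdf.html can be a legitimate export; several in one folder
    is the pattern worth an analyst's attention.
    """
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        found = sorted(f for f in files if is_suspect(f))
        if len(found) >= min_per_dir:
            hits[dirpath] = found
    return hits


def demo():
    """Build a constructed sample tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        docs, web = Path(root, "Documents"), Path(root, "Website")
        docs.mkdir()
        web.mkdir()
        for n in ("budget.xlsx.html", "photo.jpg.html", "notes.txt.html",
                  "scan.tiff", "index.html"):
            (docs / n).touch()
        for n in ("index.html", "about.html", "contact.html"):
            (web / n).touch()       # a normal web folder must not be flagged
        return {Path(d).name: names for d, names in scan(root).items()}


if __name__ == "__main__":
    for folder, names in demo().items():
        print(folder, names)
```

A hit is a reason to inspect the folder and check backups, not proof of infection.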

How Decrypt Protect Ransomware is Used to Steal Money from Computer Users

The Decrypt Protect Ransomware infection is also closely related to the Spamhaus Ransomware in that it uses a ransom message very similar to the one used by this known ransomware Trojan. One particularly striking similarity is that both infections use a message claiming that the victim has '48 hours left to enter their payment', giving the attack a sense of urgency that may prompt inexperienced computer users to pay the ransom. It is important to note that there is no actual time limit on the attack and that paying the ransom will do nothing to remove the Decrypt Protect Ransomware infection or return access to affected files on the compromised computer.

1 Comment

Hello.
Does this application decrypt damaged files?
Thanks