Decrypt Protect Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 50 % (Medium) |
Infected Computers: | 42 |
First Seen: | May 14, 2013 |
Last Seen: | October 1, 2022 |
OS(es) Affected: | Windows |
The Decrypt Protect Ransomware infection is one of the many variants of well known Police Ransomware Trojans, including all the known variants of the FBI Moneypak scam and a particularly nasty Winlocker ransomware Trojan known as Spamhaus ransomware. However, the Decrypt Protect Ransomware attack includes a component that is not common in other variants of this scam. The Decrypt Protect Ransomware encrypts files, changing their extension so that they will lead computer users to a website containing its ransom message. Rather than displaying a start-up message and blocking access to the victim's computer completely, Decrypt Protect Ransomware uses a more exhaustive approach to extort money from computer users.
The Decrypt Protect Ransomware infection is closely related to the many variants of the FBI MoneyPak ransomware, despite the fact that it uses a different method to extract its ransom from its victims. The Decrypt Protect Ransomware infection will detect files on the victim's computer that match certain parameters. The Decrypt Protect Ransomware will usually affect files that may have value to the victim such as images, spreadsheets and text documents. Once the Decrypt Protect Ransomware has done this, the Decrypt Protect Ransomware encrypts the files so that they will not be accessible. We have observed these types of attacks before. However, the Decrypt Protect Ransomware infection adds an additional step; this ransomware Trojan adds the HTML extension to encrypted files so that they will be opened by a Web browser. When computer users try to access an encrypted file, their Web browser will access a Web page containing the Decrypt Protect Ransomware's ransom message. It is important to note that the Decrypt Protect Ransomware encryption will not target files in TIFF format.
How Decrypt Protect Ransomware is Used to Steal Money from Computer Users
The Decrypt Protect Ransomware infection is also closely related to the Spamhaus Ransomware in that the Decrypt Protect Ransomware uses a ransom message that is very much alike to the one used by this know ransomware Trojan. One particularly striking similarity is that both infections use a message claiming that the victim has '48 hours left to enter their payment', giving the attack a sense of urgency that may prompt inexperienced computer users to pay the ransom. It is important to note that there is no actual time limit on the attack and that paying the ransom will do nothing to remove the Decrypt Protect Ransomware infection or return access to affected files on the compromised computer.