Multi-Device Licenses (Volume Discounts)
Threat Database Ransomware Professor Ransomware

Professor Ransomware

By CagedTech in Ransomware
Translate To:
English

The Professor Ransomware is a powerful threat based on the VoidCrypt Ransomware family. Although it is just another variant, it can disrupt the systems it manages to infect completely via a strong encryption routine, utilizing a military-grade cryptographic algorithm. The goal of the attackers is to lock the data found on the devices and then extort the victims for money.

The Professor Ransomware follows the typical behavior associated with VoidCrypt members. It can affect a wide range of file types. VIctims will notice that the names of their files also have been changed suddenly. The threat adds an email address, a string of characters, and a new file extension to the original name of each encrypted file. The email address is profes0r@tutanota.com, the character string denotes the ID assigned to the particular victim and the new file extension is '.professor.'

Demands Overview

After it has completed the encryption of all targeted files on the system, the Professor Ransomware will display a ransom note to its victims. The instructions will be shown in a new pop-up window created from a file named '!INFO.HTA.' The note doesn't reveal the amount of the demanded ransom but it does state that 48 hours after the attack, the price will be doubled. It also shows that the attackers prefer for the payment to be made using the Bitcoin cryptocurrency. As for communication channels, affected users are left with two email addresses - 'profes0r@tutanota.com' and 'Profes0r@protonmail.com.'

The full text of the instructions left by the Professor Ransomware is:

'!!! Your Files Has Been Encrypted !!!♦ your files has been locked with highest secure cryptography algorithm ♦
 there is no way to decrypt your files without paying and buying Decryption tool♦
♦ but after 48 hour decryption price will be double♦
♦ you can send some little files for decryption test♦
♦ test file should not contain valuable data♦
♦ after payment you will get decryption tool ( payment Should be with Bitcoin)♦
♦ so if you want your files dont be shy feel free to contact us and do an agreement on price♦
♦ !!! or Delete you files if you dont need them !!!♦Your ID :-
our Email :profes0r@tutanota.com
In Case Of No Answer :Profes0r@protonmail.com'

Related Posts

Trending

Most Viewed

Loading...