AskHelp@protonmail.com Ransomware
The 'AskHelp@protonmail.com' Ransomware is an encryption ransomware Trojan first observed on July 31, 2018. The 'AskHelp@protonmail.com' Ransomware is a variant of threats that had been observed earlier in 2018, such as the Matrix Ransomware. The 'AskHelp@protonmail.com' Ransomware, like most encryption ransomware Trojans, is programmed to take victims' files hostage, use a strong encryption algorithm to make them unusable, and then demand a ransom payment from the victim.
Do Not Ask Help from Cyber-Criminals – It, Most of the Time will Be a Waste of Time
The 'AskHelp@protonmail.com' Ransomware uses a strong encryption algorithm to make the victim's files inaccessible, adding the file string '[AskHelp@protonmail.com].ANN' to the end of the files' names, replacing the affected files' file extensions. The 'AskHelp@protonmail.com' Ransomware targets the user-generated files, which may include files with the following file extensions:
.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.
The 'AskHelp@protonmail.com' Ransomware delivers a ransom note containing the following text:
'HOW TO RECOVER YOUR FILES INSTRUCTION
ATENTION!!!
We are really sorry to inform you that ALL YOUR FILES WERE ENCRYPTED by our automatic software. It became possible because of bad server security.
ATENTION!!!
Please don't worry, we can help you to RESTORE your server to original state and decrypt all your files quickly and safely!
INFORMATION!!!
Files are not broken!!! Files were encrypted with AES-128+RSA-2048 crypto algorithms. There is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automatically DELETED
AFTER 7 DAYS! You will irrevocably lose all your data! ' Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!
Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.
HOW TO RECOVER FILES???
Please write us to the e-mail (write on English or use professional translator): AskHelp@protonmail.com
AskHelp@tutanota.com
AskHelp@india.com
You have to send your message on each of our 3 emails due to the fact that the message may not reach their intended recipient for a variety of reasons!
In subject line write your personal ID:
[random characters]
We recommend you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files.
Please note that files must not contain any valuable information and their total size must be less than 5Mb.
OUR ADVICE!!!
Please be sure that we will find common language. We will restore all the data and give you recommendations how to configure the protection of your server.
We will definitely reach an agreement;] !!!
ALTERNATIVE COMMUNICATION
If you did not receive the answer from the aforecited emails for more then 24 hours please send us Bitmessages from a web browser through the webpage hxxps://bitmessage[.]me. Below is a tutorial on how to send bitmessage via web browser: 1. Open in your browser the link hxxps://bitmse[.]me/users/sign_up and make the registration by entering name email and password.
2. You must confirm the registration, return to your email and follow the instructions that were sent to you.
3. Return to site and click "Login" label or use link hxxps://bitmse[.]me/users/sign_in, enter your email and password and click the "Sign in" button.
4. Click the "Create Random address' button.
5. Click the "New massage" button.
6. Sending message: To: Enter address: BM-[random characters]
Subject: Enter your ID:
In Message: Describe what you think necessary.
Click the "Send message' button.'
Infected with AskHelp@proton'
Dealing with the 'AskHelp@protonmail.com' Ransomware
The best protection against threats like the 'AskHelp@protonmail.com' Ransomware is to have file backups. Apart from file backups, an anti-malware program can be used to intercept or remove the 'AskHelp@protonmail.com' Ransomware completely. However, the encrypted files will not be recoverable without the decryption key and will need to be restored from a backup.
