
'cryptoplant@protonmail.com' Ransomware

By GoldSparrow in Ransomware

The 'cryptoplant@protonmail.com' Ransomware is a file-encrypting ransomware Trojan first observed on February 11, 2019. It is a variant of the Matrix ransomware family, which was first observed in April of 2018. The 'cryptoplant@protonmail.com' Ransomware carries out a typical version of this attack: it uses a potent encryption algorithm to encrypt the victims' files, takes them hostage, and then demands a ransom payment in exchange for releasing the compromised data. Like its predecessors in this family, the 'cryptoplant@protonmail.com' Ransomware is typically delivered via spam email attachments, often corrupted Microsoft Office documents whose embedded macro scripts download and install the ransomware onto the victim's computer.

How the 'cryptoplant@protonmail.com' Ransomware Carries Out Its Attack

The 'cryptoplant@protonmail.com' Ransomware is typically delivered via corrupted spam email attachments. Once installed, the 'cryptoplant@protonmail.com' Ransomware uses a strong encryption algorithm to compromise the user-generated files that it discovers on the infected computer. These user-generated files may include a wide variety of document types, media files, databases, configuration files, and numerous others, including files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The 'cryptoplant@protonmail.com' Ransomware attacks seem to mostly target European and American subjects. The 'cryptoplant@protonmail.com' Ransomware generally marks the files it encrypts by adding the file extension '.PLANT' to each file's name. After the files have been compromised, they may also be renamed with the string [CryptoPlant@protonmail.com] added to each affected file as a prefix. The criminals demand a ransom payment by delivering a ransom note in the form of a text file named '#PLANT_README.rtf,' which asks the victim to contact the criminals responsible for the 'cryptoplant@protonmail.com' Ransomware via email.

Dealing with the 'cryptoplant@protonmail.com' Ransomware

When the victims of the 'cryptoplant@protonmail.com' Ransomware attack contact the criminals, they will typically be asked to pay a ransom using Bitcoin or other digital currencies, which sometimes can be very costly. Malware specialists advise computer users to refrain from paying the 'cryptoplant@protonmail.com' Ransomware ransom or contacting the criminals. The perpetrators of attacks like the 'cryptoplant@protonmail.com' Ransomware have no intention of assisting the victims, and computer users that contact them are generally targeted for additional tactics or attacks, or simply ignored after they have made the payment. Paying these ransoms also allows the criminals responsible for the 'cryptoplant@protonmail.com' Ransomware to continue developing and releasing threats like it. Since the 'cryptoplant@protonmail.com' Ransomware encrypts the files with a method that makes them undecryptable, the best protection against these threats is the ability to restore the compromised data from file backups, which should always be stored on external devices.
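The file markers described above (the '.PLANT' extension, the [CryptoPlant@protonmail.com] prefix, and the '#PLANT_README.rtf' note) can be used to scope an incident before restoring from backups. The following read-only triage script is an added example, not part of the original article; the function names, the case-insensitive matching, and the sample file names are assumptions made for illustration.

```python
import os
import tempfile
from datetime import datetime, timezone

# Indicators taken from the description above; matched case-insensitively (assumption).
NOTE_NAME = "#plant_readme.rtf"
MARKER_EXT = ".plant"
MARKER_PREFIX = "[cryptoplant@protonmail.com]"

def classify(filename):
    """Return 'note', 'encrypted' or None for a bare file name."""
    name = filename.lower()
    if name == NOTE_NAME:
        return "note"
    if name.endswith(MARKER_EXT) or name.startswith(MARKER_PREFIX):
        return "encrypted"
    return None

def triage(root):
    """Walk root and summarise indicator hits without modifying any file."""
    report = {"notes": [], "encrypted": [], "earliest": None}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            kind = classify(fname)
            if kind is None:
                continue
            path = os.path.join(dirpath, fname)
            if kind == "note":
                report["notes"].append(path)
                continue
            report["encrypted"].append(path)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; keep the path, skip the time
            # Earliest modification time of a marked file: backups older than
            # this were taken before the first marked file was written.
            if report["earliest"] is None or mtime < report["earliest"]:
                report["earliest"] = mtime
    return report

if __name__ == "__main__":
    # Constructed sample tree (empty files, invented names) so the script runs offline.
    with tempfile.TemporaryDirectory() as root:
        for name in ("budget.xlsx", "[CryptoPlant@protonmail.com].a1b2.PLANT", "#PLANT_README.rtf"):
            open(os.path.join(root, name), "w").close()
        r = triage(root)
        when = datetime.fromtimestamp(r["earliest"], timezone.utc).isoformat()
        print(len(r["encrypted"]), "marked files;", len(r["notes"]), "notes; earliest mtime", when)
```

The reported earliest modification time gives a cut-off for choosing a backup set: only backups taken before it are known to predate the marked files.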
