'look1213@protonmail.com' Ransomware

The 'look1213@protonmail.com' Ransomware is part of a ransomware family known as the BTCWare Ransomware that has been quite active in June 2017. The 'look1213@protonmail.com' Ransomware may be delivered to victims through the use of corrupted spam email attachments, which may take the form of Microsoft Word files with active macros that download and install the 'look1213@protonmail.com' Ransomware onto the victim's computer. After the victim opens the corrupted file and allows the script to run, the 'look1213@protonmail.com' Ransomware will be downloaded and set up on the victim's computer, beginning its attack. The 'look1213@protonmail.com' Ransomware infection is typical of these threats, blocking access to the victim's files by encoding them with a strong encryption algorithm and then demanding the payment of a ransom from the victim through BitCoins.

The Different Versions of the 'look1213@protonmail.com' Ransomware

Various versions of the 'look1213@protonmail.com' Ransomware are associated with different contact email addresses depending on the version being used in the attack. It is likely that the con artists release new variants of the 'look1213@protonmail.com' Ransomware attack with different contact email addresses as a way to stay ahead of PC security researchers and the police. The 'look1213@protonmail.com' Ransomware carries out a common encryption attack, by using a strong encryption method to encrypt the victim's files and then demand that the victim pay in exchange for the decryption key that is required to recover the affected files. After encrypting the victim's files, the 'look1213@protonmail.com' Ransomware will change the affected files' extension, adding a string to the end of each affected file as an easy way of identifying which files were compromised by the 'look1213@protonmail.com' Ransomware attack. Different variants of the 'look1213@protonmail.com' Ransomware have been observed using dissimilar file extensions to identify the affected files, including:

• .blocking
• .xfile
• .master
• .cryptobyte
• .cryptowin
• .btcware
• .theva

The following are some of the email addresses that have been associated with the 'look1213@protonmail.com' Ransomware variants:

• xwa@protonmail.ch
• unlocking.guarantee@aol.com
• help@onyon.info
• look1213@protonmail.com

Ransom notifications also change may from one variant of the 'look1213@protonmail.com' Ransomware to the other. The ransom messages that have been linked to some of the 'look1213@protonmail.com' Ransomware variants are:

'[WHAT HAPPENED]
Your important files produced on this computer have been encrypted due a security problem If you want to restore them, write us to the e-mail: look1213@protonmail.com You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.

[ATTENTION]
Do not rename encrypted files Do not try to decrypt your data using third party software, it may cause permanent data loss If you not write on e-mail in 36 hours - your key has been deleted and you cant decrypt your files
Your ID:
[114 RANDOM CHARACTERS]'

Dealing with the 'look1213@protonmail.com' Ransomware

The 'look1213@protonmail.com' Ransomware will deliver its ransom notes via INF or HTA files dropped on the infected computer's desktop. These files will be named '!#_RESTORE_FILES_#!.inf' and '#_HOW_TO_FIX_!.hta.' Computer users should refrain from following the instructions contained in the 'look1213@protonmail.com' Ransomware message and, instead, take steps to protect their computers with the help of a reliable, fully updated anti-malware application. It is an imperative measure to take steps to backup your files, as it is the best protective action against the 'look1213@protonmail.com' Ransomware and other ransomware variants. Having file backups offers complete protection from the 'look1213@protonmail.com' Ransomware and similar threats, allowing victims to recover the files quickly without having to acquiesce and pay the ransom.