
Pr0tector Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 6,350
First Seen: March 31, 2017
Last Seen: July 19, 2022
OS(es) Affected: Windows

The Pr0tector Ransomware is a ransomware Trojan that was first observed in March 2017. Like most ransomware Trojans, the Pr0tector Ransomware is designed to encrypt the victims' files and then demand a ransom payment in exchange for the decryption key. As with other ransomware Trojans, PC security analysts recommend that computer users protect their files and computers with reliable anti-malware software and file backups.

The Pr0tection that You Don’t Want on Your Computer

Reports of Pr0tector Ransomware infections indicate that the threat may have infiltrated the victims' computers over an RDP connection. Con artists may take advantage of poorly secured systems to infect them: when the user name and password are weak, con artists can install threats like the Pr0tector Ransomware on the victim's computer. The Pr0tector Ransomware represents a real threat to the victims' files and seems to be designed especially to target corporate networks, servers, and other high-profile targets. The main purpose of the Pr0tector Ransomware is to encrypt the victims' files and then demand large sums of money to decrypt them, holding the files hostage until a ransom is paid.

How the Pr0tector Ransomware Carries out Its Attack

Vulnerable servers may lack the necessary security updates or may have poor password protection. Cyber crooks may take advantage of this to install threats like the Pr0tector Ransomware and make money at the expense of the victims. The Pr0tector Ransomware targets a wide variety of file types, encrypting them with a combination of RSA and AES encryption to make them completely inaccessible. Once the Pr0tector Ransomware has encrypted a file, it changes the file's extension to '.pr0tect', which makes it simple to tell which files were affected by the attack. After encrypting the victim's files, the Pr0tector Ransomware delivers its ransom note as a text file placed on the infected computer's desktop. This file is named 'READ ME ABOUT DECRYPTION.txt' and demands the payment of a ransom from the victim to recover from the attack. In the case of the Pr0tector Ransomware and other threats in this ransomware Trojan family, the victim is instructed to contact a specific email address to receive further instructions. The Pr0tector Ransomware's ransom note reads as follows:

'Your files were encrypted.
Your personal ID is: -
To buy private key for unlocking files please contact us:
Please include the ID above.'
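
The two file-system indicators described above (the '.pr0tect' extension and the 'READ ME ABOUT DECRYPTION.txt' note) are enough to scope an incident on a file server. The following Python script is an added example, not part of the original article or of any vendor tool; it counts renamed files per directory and reports the range of their modification times, on the assumption that those timestamps were left unaltered and so approximate when the encryption ran.

```python
import os
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_EXT = ".pr0tect"                    # extension named on this page
NOTE_NAME = "read me about decryption.txt"    # ransom note name from this page, lowercased


def scan_tree(root):
    """Walk `root` and collect files carrying the indicators described above."""
    per_dir = Counter()      # directory -> number of renamed files
    notes = []               # full paths of ransom notes
    mtimes = []              # modification times of renamed files
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()   # Windows file names are case-insensitive
            path = os.path.join(dirpath, name)
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                per_dir[dirpath] += 1
                try:
                    mtimes.append(os.stat(path).st_mtime)
                except OSError:
                    pass           # unreadable file: counted, but no timestamp
    return {
        "encrypted_total": sum(per_dir.values()),
        "per_dir": dict(per_dir),
        "notes": sorted(notes),
        "first_mtime": min(mtimes) if mtimes else None,
        "last_mtime": max(mtimes) if mtimes else None,
    }


def summarize(result):
    """Render the scan result as short text for an incident ticket."""
    def fmt(ts):
        return "n/a" if ts is None else datetime.fromtimestamp(ts, timezone.utc).isoformat()
    lines = [f"renamed files: {result['encrypted_total']}",
             f"ransom notes: {len(result['notes'])}",
             f"write window (UTC): {fmt(result['first_mtime'])} .. {fmt(result['last_mtime'])}"]
    for d, n in sorted(result["per_dir"].items(), key=lambda kv: -kv[1]):
        lines.append(f"{n:6d}  {d}")   # most affected directories first
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    print(summarize(scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

Run it against a mounted share or a forensic copy rather than the live host where possible; the per-directory counts show which backups need to be restored first.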

Dealing with the Pr0tector Ransomware and Preventing Other Infections

Apart from encrypting its victims' files, the Pr0tector Ransomware also deletes the Shadow Volume Copies and interferes with other recovery methods that could help computer users recover compromised files. The Pr0tector Ransomware seems to be designed specifically to target online stores, Web servers, and business networks. Because of this, the people responsible for the Pr0tector Ransomware expect larger ransom payments, since the potential for disruption is much higher than with ransomware Trojans designed to target individual users' computers.

The email addresses used by the people responsible for the Pr0tector Ransomware are difficult to track and allow these people to remain anonymous. Payment is usually demanded in Bitcoin or through other anonymous online payment methods, which also makes it very difficult to track the crooks responsible for these attacks. This, coupled with obfuscation methods and the fact that the Pr0tector Ransomware covers its tracks well after an attack, means that the Pr0tector Ransomware can be quite difficult for PC security researchers to study and track.

Computer users should refrain from paying the Pr0tector Ransomware's ransom, especially since there is little chance that the people responsible for the attack will respond honestly and help the computer users recover after the payment has been made. Instead, they should make sure that file backup systems are in place and that secure passwords and security software are in use.

