Princess Ransomware

The Princess Ransomware is an encryption ransomware Trojan that is part of a Ransomware as a Service (RaaS) platform that is being advertised on the Dark Web currently. PC security analysts have observed advertisements for the Princess Ransomware RaaS in June 2018. The Princess Ransomware seems to be the product of a group based in Russia or composed primarily of Russian speakers. There is little to differentiate the Princess Ransomware from other encryption ransomware Trojans and RaaS platforms that are currently active, and the same preventive measures that apply for other threats should be used to prevent the Princess Ransomware attacks.

The Princess that will Damage Your Precious Data

The Princess Ransomware was created using C programming language. The Princess Ransomware, like many other encryption ransomware Trojans, uses the AES 256 encryption to make the victim's files inaccessible. The Princess Ransomware targets the user-generated files. The file extensions that are targeted in attacks similar to the Princess Ransomware include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

Since the Princess Ransomware is part of a RaaS platform, the criminals can create custom versions of this threat, each designed to be used against specific targets.

The Princess Ransomware’s Features

Each version of the Princess Ransomware can be adapted to display a specific ransom note, dropping files on the victim's computer and changing the infected computer's desktop image. The Princess Ransomware variants can rename the files encrypted by the attack, and the strings used to rename the affected files can be customized. The Princess Ransomware uses a payment portal that includes support for multiple languages and a personalized payment address for each victim. The Princess Ransomware communicates with a Command and Control server using TOR, which makes the attack difficult to intercept. The Princess Ransomware, like most encryption ransomware Trojans, works by taking the victim's files hostage, encrypting them with its strong encryption algorithm, and then demanding a ransom payment from the victim.

Preventing a Princess Ransomware Attack

Unfortunately, there is no known way to obtain the decryption key after the Princess Ransomware has compromised the victim's files. Because of this, the best measure against the Princess Ransomware and similar encryption ransomware threats is to take preventive measures. The best prevention measure is to have file backups stored on the cloud or an external memory device. Having file backups stored on a location inaccessible to the Princess Ransomware means that the affected files can be replaced with backup copies after an attack. The Princess Ransomware infection itself is not difficult to remove and can be intercepted by a security program that is fully up-to-date, but the files compromised by the Princess Ransomware may be lost irrevocably without the decryption key. Threats like the Princess Ransomware are distributed using spam email attachments frequently. Because of this, it is important to handle this unsolicited content safely, learn to recognize these tactics and respond appropriately. Encryption ransomware Trojans like the Princess Ransomware are becoming more common increasingly, especially with the advent of RaaS platforms like this one, or threats like the Princess Ransomware so that it is paramount to ensure that your files are well protected.