Professeur Ransomware

Called by cybersecurity analysts the Professeur Ransomware, this new variant of the growing JigSaw Ransomware family has been spotted in the wild recently. The Professeur Ransomware displays the typical characteristics of a ransomware threat. The Professeur Ransomware infiltrates the computer system of unsuspecting users, locks the most widely used file types by encrypting them, and demands the payment of a ransom for the restoration of the data.

Users affected by Professeur Ransomware will have their files locked, and their files names changed to include a new extension - '.Professeur.' Instead of dropping a text file with a ransom note, the Professeur Ransomware displays a pop-up window on its victim's screen. The cybercriminals leave specific instructions for the affected users. They demand the payment of at least $50 in Bitcoin on the first day or the sum will be doubled afterward. To further scare the victims, the criminals warn that during the first 24 hours, some of the encrypted files will be deleted. The rate of deletion increases drastically with a hundred files deleted on the second day and a thousand files on the third. The cybercriminals also threaten to delete five of the user's files everytime the computer system is shut down, or the pop-up window generated by Professeur Ransomware is closed. An email address is provided as a communication channel - zemblax@protonmail[.]com.

The full text of the ransom note is:

'All Your Files Has Been Locked!

Your personal files are being deleted. Your photos, videos, documents, etc. . .

But All of your files were protected by a strong encryption.

This means that we can decrypt all your files after paying the ransom.

 

Every hour I select some of them to delete permanently,

You Have 1day to Decide to Pay.

after 1 Day Decryption Price will be Double.

During the first 24 hour you will only lose a few files,

the second day a few hundred, the third day a few thousand, and so on.

If you turn off your computer or try to close me, when I start next time

you will get 5 files deleted as a punishment.

If you want to unlock your data

You Can Learn Decrypt Instructions

click on the button: HOW TO DECRYPT FILES? 

Contact us: zemblax@protonmail.com

 

1 file will be deleted.

View encrypted files

Please, send at least $50 worth of Bitcoin here:

1C1pAkwpvuxr4ZxzqHSeTLpFGQMDMJKS3U

 How To Decrypte Files !'

While the Professeur Ransomware may appear scary at first sight incredibly, all users infected with it are, in fact, quite lucky, as there is a free decryption tool for some of the Jigsaw Ransomware variants that could potentially restore their valuable files without the need even to contact the cyber crooks. It is still strongly advised that a legitimate anti-malware program should be used for the removal of the threat from the compromised computer system.