Promos Ransomware

By GoldSparrow in Ransomware

The Promos Ransomware is an encryption ransomware Trojan that carries out a typical attack of its type, taking victims' files hostage in exchange for a ransom payment in digital currency. The Promos Ransomware is a variant of the STOP Ransomware and was first released on February 19, 2019. Unfortunately, the Promos Ransomware attack encrypts data in a way that makes it unrecoverable, which makes prevention essential in dealing with threats like the Promos Ransomware.

How the Promos Ransomware Trojan Attacks a Computer

The Promos Ransomware uses a strong encryption algorithm and marks each file encrypted by its attack with the file extension '.promos,' added to the end of each file's name. The Promos Ransomware targets the user-generated files in its attack, which may include files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The Promos Ransomware drops a text file named '_readme.txt' on the infected computer's desktop after encrypting the victim's files and deleting the Shadow Volume Copies of each affected file. This ransom note contains the following message, which demands a ransom payment from the victim:

'------------------------ ALL YOUR FILES ARE ENCRYPTED ------------------------
Don't worry, you can return all your files!
All your files documents, photos, databases and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees do we give to you?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information
Don't try to use third-party decrypt tools because it will destroy your files.
Discount 50% available if you contact us first 72 hours.
-------------------------------------------------------------------------------------------------------
To get this software you need write on our e-mail:
blower@firemail.cc
Your personal ID: [random characters]'
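
A triage sketch for the two indicators described above, the '.promos' suffix and the '_readme.txt' note. It is an added example, not part of the original article or of any vendor tool. The function names and the three-level verdict are assumptions made for illustration; the marker phrases are copied from the note quoted above.

```python
import os

# Indicators as given in the article: appended extension, ransom-note file
# name, and two phrases from the quoted note text.
ENCRYPTED_EXT = ".promos"
NOTE_NAME = "_readme.txt"
NOTE_MARKERS = ("ALL YOUR FILES ARE ENCRYPTED", "Your personal ID")


def is_ransom_note(path):
    """True only if the file is named _readme.txt AND holds every marker."""
    if os.path.basename(path).lower() != NOTE_NAME:
        return False
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(64 * 1024)  # the note is short; cap the read
    except OSError:
        return False  # unreadable file: cannot confirm, do not count it
    return all(marker in text for marker in NOTE_MARKERS)


def scan(root):
    """Walk root; return ransom notes, renamed files, and a triage verdict."""
    notes, encrypted = [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # Map to the pre-attack name, used to look the file up in backups.
                encrypted[full] = full[: -len(ENCRYPTED_EXT)]
            elif is_ransom_note(full):
                notes.append(full)
    if notes and encrypted:
        verdict = "likely"      # both indicators present
    elif notes or encrypted:
        verdict = "possible"    # one indicator only; review manually
    else:
        verdict = "clean"
    return {"verdict": verdict, "notes": sorted(notes), "encrypted": encrypted}


if __name__ == "__main__":
    import sys
    result = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(result["verdict"], len(result["encrypted"]), "renamed file(s)")
    for note in result["notes"]:
        print("note:", note)
```

The `encrypted` mapping pairs each renamed file with its pre-attack path, which is the list to check against backups when planning a restore.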

Protecting Your Data from Threats Like the Promos Ransomware

The Promos Ransomware's encryption method makes it impossible to recover the compromised data. Because of this, malware researchers strongly advise computer users to take steps to protect their data from these threats and to have the means to recover any data that becomes compromised. The best way to ensure this is to have backup copies of your data stored on the cloud or another safe place. Apart from file backups, a proper security program can intercept threats like the Promos Ransomware before they manage to take any data hostage. The Promos Ransomware is commonly distributed using corrupted spam email attachments, so it is especially important that computer users learn to spot these tactics and respond to them appropriately.