
'.protected File Extension' Ransomware

By GoldSparrow in Ransomware

The '.protected File Extension' Ransomware is an encryption ransomware Trojan that encrypts its victims' files. It uses an advanced encryption algorithm to make the victim's files inaccessible and adds the extension '.protected' to each file it encrypts. The '.protected File Extension' Ransomware delivers a ransom note demanding the payment of 0.5 Bitcoin (approximately $270 USD) in exchange for the decryption key. Unfortunately, it is not possible to recover the files encrypted by the '.protected File Extension' Ransomware without access to the decryption key, although a decrypting application has been made available through various malware researchers. However, computer users should remove the '.protected File Extension' Ransomware infection itself with a reliable, fully up-to-date anti-malware program before attempting to recover their files.

Infection Vectors that may be Used by the '.protected File Extension' Ransomware

The '.protected File Extension' Ransomware may be distributed through corrupted spam email attachments or links. Emails associated with the '.protected File Extension' Ransomware may contain fake header information and content that will make it seem as if the email comes from a trustworthy source. The content of the email may be designed to trick inexperienced computer users so that they will open an attached file or embedded link. When computer users click on this content, the '.protected File Extension' Ransomware is installed on their computers.

How the '.protected File Extension' Ransomware Infection Works

The '.protected File Extension' Ransomware is designed to infect all versions of Windows, from Windows XP up until Windows 10. The attack consists mainly of an encryption component that encrypts the victim's files using the AES-256 and RSA encryption methods. As soon as the '.protected File Extension' Ransomware enters a computer, it scans the victim's hard drives for data files that it can encrypt. It searches for files with certain extensions and, after encrypting them, adds the extension '.protected' to each file's name. The file extensions that may be targeted by the '.protected File Extension' Ransomware and similar threats include:

.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt.

Whenever the '.protected File Extension' Ransomware encrypts a file, it drops a text file named 'HOW_TO_RESTORE_YOUR_DATA.txt' in each directory where it has encrypted content. The '.protected File Extension' Ransomware also drops a copy of this file on the victim's Desktop and changes the Windows Desktop wallpaper image to a PNG file containing the same content in image form. This file contains the ransom note, which instructs the victim on how to pay the ransom and recover from the attack. The ransom note that has been associated with the '.protected File Extension' Ransomware infection has the following content:

What happened to your files ?
All of your data has been encrypted
What does this mean ?
The data within your files has been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.
Decrypting of your files is only possible with the help of the private key and the decription tool, which is available for a small fee.
What do I do?
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.
If you remove this program your data will NOT be decrypted, additionally you will loose the opportunity to ever decrypt your files.
How do I decrypt my files?
To receive the decryption tool and the associated decryption key, you will have to pay a fee of 0.5 BTC (Bitcoin) which is equivalent to around $200.
The fee has to be paid within 7 days. If you fail to pay the fee in time, the decyption key will be destroyed and you will loose your files forever!
How do I get Bitcoin?
There’s several ways to buy Bitcoin, please have a read through one or multiple of the following guides:
https://localbitcoins.com/guides/how-to-buy-bitcoins
https://en.bitcoin.it/wiki/Buying_Bitcoins_%28the_newbie_version%29
Please note: Most of these guides will tell you to create a Bitcoin wallet. You can skip this step and use the provided Bitcoin wallet address below.
You can copy and paste these links into your browser to open the sites.
The fastest way to buy Bitcoin is to use an Bitcoin ATM, Bitcoin ATM’s can be found all over the world, a list / map of Bitcoin ATM’s can be found here:
Bitcoin ATM Map
On some systems this page may take a while to load, please be patient.
When using a Bitcoin ATM we will receive the payment instantly and thus, your files can be decrypted as soon as today!
Where to send the payment to?
Your personal Bitcoin wallet address: –
Please use only this wallet address when making the payment of 0.5 BTC
What happens after the payment?
After you have made the payment, please click the check payment button below. After successful receipt of payment you will receive the decryption tool and associated decryption key.
Thanks, have a lovely day.
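
The two file-system artifacts described above, the '.protected' extension and the 'HOW_TO_RESTORE_YOUR_DATA.txt' note, can be used to scope which directories were affected before restoring from backup. The following Python sketch is an added example, not code from the original article; it assumes '.protected' is appended after the original extension (for example name.docx.protected), and the sample directory tree is constructed for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".protected"             # extension named in the article
NOTE_NAME = "HOW_TO_RESTORE_YOUR_DATA.txt"  # ransom note file name from the article

def scan(root):
    """Walk root and report, per directory, encrypted files and ransom-note presence."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = [f for f in files if f.lower().endswith(ENCRYPTED_SUFFIX)]
        has_note = any(f.lower() == NOTE_NAME.lower() for f in files)
        if encrypted or has_note:
            key = os.path.relpath(dirpath, root)
            report[key] = {"encrypted": sorted(encrypted), "note": has_note}
    return report

def original_types(report):
    """Count original extensions, assuming the suffix was appended (an assumption)."""
    counts = Counter()
    for entry in report.values():
        for name in entry["encrypted"]:
            stem = name[: -len(ENCRYPTED_SUFFIX)]
            counts[os.path.splitext(stem)[1].lower() or "(none)"] += 1
    return counts

def build_sample(root):
    """Constructed sample tree standing in for a user profile; not real data."""
    layout = {
        "Documents": ["budget.xlsx.protected", "notes.docx.protected", NOTE_NAME],
        "Pictures": ["cat.jpg.protected", NOTE_NAME],
        "Desktop": [NOTE_NAME],   # the note is also dropped on the Desktop
        "Music": ["song.flac"],   # untouched directory, must not be reported
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        report = scan(root)
    return report, original_types(report)

if __name__ == "__main__":
    print(demo())
```

Pointing scan() at a real profile or share root gives the list of directories to compare against the most recent clean backup; the per-extension counts show which kinds of data need to be restored.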

2 Comments

Does this malware program decrypt the file to its original position?

SpyHunter can remove the ransomware threat. However, there is no program available from anyone to decrypt the files. You must utilize a backup to decrypt files.
