
Protect (MedusaLocker) Ransomware

The Protect Ransomware is a threat specifically designed to encrypt data and demand ransom payments from its victims.

During the encryption process, the Protect Ransomware targets various files and modifies their filenames by appending a distinct extension, such as '.protect3'. For instance, a file originally named '1.jpg' will have its name transformed into '1.jpg.protect3', while '2.png' will become '2.png.protect3', and so on. It is important to note that the exact number within the extension may vary depending on the specific variant of the ransomware.

Upon completing the encryption of files on the compromised systems, the Protect Ransomware generates a ransom note titled 'How_to_back_files.html.' Analyzing the contents of this note reveals that the ransomware primarily focuses on targeting companies rather than individual home users. The note likely contains instructions on how to proceed with the ransom payment and obtain the decryption key.

It should be noted that this is not the first ransomware threat tracked under the name Protect. However, unlike the previous malware threat, the newer Protect Ransomware has been confirmed to be a variant of the infamous MedusaLocker Ransomware family.

The Protect Ransomware Seeks to Extort Victims For Money

The ransom note of the Protect Ransomware claims that all critical files on the compromised devices have been encrypted using robust cryptographic algorithms, namely RSA and AES. The attackers explicitly warn that any attempts to rename, modify, or decrypt the locked data will render it permanently undecryptable. Only the cybercriminals possess the capability to restore the affected files.

Furthermore, the ransom note discloses that in addition to the encryption, confidential and personal information has been exfiltrated from the compromised network. This revelation adds an additional layer of concern for the victim's data security and privacy. The note proceeds to instruct the victim to establish contact with the attackers within a limited timeframe of 72 hours. Two email addresses are mentioned in the ransom note as possible communication channels - 'ithelp01@securitymy.name' and 'ithelp01@yousheltered.com.'

To test the attackers' decryption capability, victims are requested to send two to three non-important files. Failure to comply with the ransom demands will result in the cybercriminals publicly leaking the stolen data.

It is essential to acknowledge that, in the majority of cases, decryption without the involvement of the attackers is highly improbable. Exceptions may exist but are rare and typically involve ransomware with severe flaws.

It is strongly advised against meeting the demands of the cybercriminals. There is no guarantee of data recovery even if the ransom is paid, as often, the promised decryption tools are not provided. Furthermore, complying with the ransom demands inadvertently supports and encourages illegal activities.

While removing the Protect Ransomware from the operating system is crucial to prevent further encryptions, it is essential to recognize that the removal itself will not restore the files that have already been compromised. Thus, it is imperative to prioritize preventive measures and robust cybersecurity practices to minimize the risk of ransomware attacks and mitigate their potential impact.

Prevent Ransomware Attacks by Taking Effective Security Measures

To protect data and devices from ransomware threats, users should implement a comprehensive set of security measures. Here are the most effective practices to consider:

  • Regular Data Backups: Maintain frequent backups of important data and store them offline or in secure cloud storage. This ensures that even if files are encrypted, they can be restored from a clean backup.
  • Keep Software Updated: Install updates and patches for operating systems, applications, and security software promptly. Updates often include critical security fixes that address vulnerabilities targeted by ransomware.
  • Be Careful with Emails: Be vigilant when handling email attachments and links. Avoid opening attachments or clicking on suspicious links from unknown or untrusted sources. Verify the legitimacy of emails before interacting with any embedded content.
  • Utilize Anti-Malware Software: Install reputable anti-malware solutions on all devices. Keep them up to date to detect and block ransomware threats effectively.
  • Implement Strong Passwords and Multi-Factor Authentication: Create strong, unique passwords for all accounts, including devices and online services. Enable multi-factor authentication (MFA) whenever possible to add an extra layer of security.
  • Practice Safe Web Browsing: Stick to trusted websites and avoid clicking on suspicious links or downloading files from unverified sources. Use browser extensions that block malicious content and provide safe browsing environments.
  • Security Awareness Training: Educate users about ransomware threats, phishing attacks, and safe online practices. Regularly train employees to recognize and report potential threats to enhance overall security posture.

By implementing these security measures, users can significantly reduce the risk of falling victim to ransomware attacks. It is crucial to continuously update and adapt security practices to stay ahead of evolving threats and maintain a robust defense posture.

The text of the ransom note dropped by Protect Ransomware is:

'YOUR PERSONAL ID:

/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!

Your files are safe! Only modified. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.

No software available on internet can help you. We are the only ones able to
solve your problem.

We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..

We only seek money and our goal is not to damage your reputation or prevent
your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.

Contact us for price and get decryption software.

email:
ithelp01@securitymy.name
ithelp01@yousheltered.com

To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.

Tor-chat to always be in touch:'
