
Proticc Ransomware

By GoldSparrow in Ransomware

The Proticc Ransomware is an encryption ransomware Trojan based on HiddenTear, an open source ransomware platform that has been responsible for numerous ransomware variants since its initial release in 2015. The Proticc Ransomware works in a way nearly identical to the countless other encryption ransomware Trojans being used to attack computer users.

Symptoms of a Proticc Ransomware Infection

The Proticc Ransomware most commonly arrives on a computer through spam emails. Victims receive an email message with an attached Microsoft Word file, which often uses embedded macro scripts to download and install the Proticc Ransomware onto the victim's computer. Once installed, the Proticc Ransomware uses the AES and RSA encryption algorithms to make the victim's files inaccessible. The Proticc Ransomware targets user-generated files, which may include numerous document types. The file types often targeted by attacks like the Proticc Ransomware include:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.

The Proticc Ransomware marks every encrypted file by adding the file extension '.lol' to the end of its name. The Proticc Ransomware also delivers a ransom note in the form of a program window named 'Proticc Ransomware.' The Proticc Ransomware displays the following ransom note to the victims:

'YOU HAVE BEEN ENCRYPTED BY the Proticc Ransomware !
Your personal files are encrypted!
Your files have been safely encrypted on this pC: photos, videos,
documents, etc. Click "Show encrypted files" Button to view complete
list of encrypted files, and you can personally verify this. Encryption was
produced using a unique key RSA-2048 generated for this
computer. To decrypt files you need to obtain the private key. The only
copy of the private key, which allow you to decryprt your files, is located
on the secret server in the Internet; the server will eliminate the key after a
time period specified in this window.
Once this has been done, nobody will ever be able to recover.'

Victims should refrain from following the instructions in the Proticc Ransomware's ransom note, which ask the victim to contact the criminals and pay a ransom to obtain the decryption key. However, since the Proticc Ransomware's ransom note doesn't provide contact information, it is likely that this threat is unfinished and currently offers no way of recovering the encrypted files.
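
The '.lol' marker described above can be used to triage a file listing from an affected machine and to recover the original file names for matching against backups. The following Python code is an added example, not part of the original article; the function names, the per-directory threshold and the sample paths are assumptions constructed for illustration, and the extension set is only a subset of the list above.

```python
import ntpath  # parses Windows-style paths on any operating system
from collections import defaultdict

MARKER = ".lol"  # extension the article says is appended to encrypted files
# Small subset of the targeted extensions listed in the article.
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png",
            ".txt", ".zip", ".sql", ".pst", ".bak", ".kdbx"}


def original_name(path):
    """Return the pre-encryption name for '<name>.<targeted ext>.lol', else None."""
    base = ntpath.basename(path)
    if not base.lower().endswith(MARKER):
        return None
    stem = base[:-len(MARKER)]
    ext = ntpath.splitext(stem)[1].lower()
    return stem if ext in TARGETED else None


def triage(paths, min_hits=3):
    """Map each directory with >= min_hits marked files to the originals to restore."""
    by_dir = defaultdict(list)
    for p in paths:
        name = original_name(p)
        if name:
            by_dir[ntpath.dirname(p)].append(name)
    return {d: sorted(n) for d, n in by_dir.items() if len(n) >= min_hits}


# Constructed sample listing (hypothetical paths, not from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.lol",
    r"C:\Users\alice\Documents\report.docx.lol",
    r"C:\Users\alice\Documents\scan.PDF.LOL",
    r"C:\Users\alice\Documents\todo.txt",
    r"C:\Users\alice\Games\replay.lol",    # no targeted inner extension: ignored
    r"C:\Users\bob\Pictures\cat.jpg.lol",  # single hit, below the threshold
]

if __name__ == "__main__":
    for directory, names in triage(SAMPLE).items():
        print(directory, "->", names)
```

Requiring a targeted extension in front of '.lol' and several hits per directory keeps unrelated files that merely end in '.lol' out of the report.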

Dealing with a Proticc Ransomware Infection

Unfortunately, the encryption used to compromise the victim's files is currently unbreakable. The most effective protection against threats like the Proticc Ransomware is to have file backups stored on the cloud or an external device. Having these ensures that victims can replace any compromised files with backup copies after completely removing the Proticc Ransomware infection or wiping the affected drives. The Proticc Ransomware should be removed with an anti-malware product that can also prevent it from being installed in the first place.
