PrOtOnIs Ransomware

By GoldSparrow in Ransomware

The PrOtOnIs Ransomware is a generic crypto-threat that was discovered in the third week of August 2018. The PrOtOnIs Ransomware is packed as a Trojan that might be installed on your system when you open macro-enabled DOCX files received via email. Cybercriminals are using carefully crafted fake job applications, invoices, business propositions, and Amazon delivery reports to lure PC users into opening the DOCX installer for the PrOtOnIs Ransomware. The PrOtOnIs Ransomware is known to encode photos, text, PDFs, spreadsheets, presentations, databases, audio and video on the compromised machines. The threat is categorized as a version of the Xorist Ransomware due to many similarities in how the encryption is applied and in the file structure used by the Trojan. The PrOtOnIs Ransomware may add the '.PrOtOnIs' and the '.PrOtOnIs.VaNdElIs' extensions to the filenames. For example, 'Degradead-For Better or Worse.ogg' may be renamed to 'Degradead-For Better or Worse.ogg.PrOtOnIs' and 'Degradead-For Better or Worse.ogg.PrOtOnIs.VaNdElIs'. The file 'HOW TO DECRYPT FILES.TXT' can be opened with Microsoft's Notepad and reads:

'ATENTION!!!
I am truly sorry to inform you that all your important files are crypted.
If you want to recover your encrypted files you need to follow a few steps.
Attention!! I do not offer for free the decrypt key, for that you have to pay 0.08 BITCOIN.
Step 1: Create an account on www[.]localbitcoins[.]com
Step 2: Buy 0.08 BITCOIN
Step 3: Send the amount on this BTC address: lcyVzadAas7SA1r7VPmCP8FCUKMQYWp6w
Step 4: Contact me on this email address protonis@gmx.com with this subject: ID-RESTORE-008PROTONISPCID0381723 After this steps you will receive through email the key and a decrypt tutorial.
Here is another list where you can buy bitcoin: hxxps://bitcoin[.]org/en/exchanges'

The threat authors may invite users to send a message to 'protonis@gmx.com' and wait for a response regarding how much money the decryptor costs and where to send the amount. The version analyzed on August 21st, 2018 by researchers stated that the users should pay 0.08 Bitcoin to 'lcyVzadAas7SA1r7VPmCP8FCUKMQYWp6w', which amounts to ≈532 USD according to conversion rates at the time of writing. The people behind the PrOtOnIs Ransomware should not be trusted, as they continue to release threats like the Xorist-XWZ Ransomware and the Xorist-Frozen Ransomware. The best way to discourage the continuous development of new Xorist versions is to abstain from paying the ransom. You can use backup images and services like OneDrive to rebuild your data. You may want to keep the encrypted files on a USB drive and wait for a free decryptor to become public in the future. The removal of the PrOtOnIs Ransomware should be carried out with the assistance of a good anti-malware product.
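The extensions and the note filename given above are enough to inventory what was affected before the encrypted files are set aside. The following read-only triage script is an added example, not code from the original article; the function names, the case-insensitive matching and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Indicators taken from the article; case-insensitive matching is an assumption.
SUFFIXES = (".PrOtOnIs.VaNdElIs", ".PrOtOnIs")  # longest suffix first
NOTE_NAME = "HOW TO DECRYPT FILES.TXT"


def original_name(filename):
    """Return the pre-rename name if filename carries a known suffix, else None."""
    lowered = filename.lower()
    for suffix in SUFFIXES:
        if lowered.endswith(suffix.lower()) and len(filename) > len(suffix):
            return filename[: -len(suffix)]
    return None


def triage(root):
    """Walk root and inventory renamed files and note locations (nothing is modified)."""
    report = {"renamed": {}, "note_dirs": [], "clean": 0}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            restored = original_name(name)
            if name.upper() == NOTE_NAME:
                report["note_dirs"].append(dirpath)
            elif restored is not None:
                report["renamed"][os.path.join(dirpath, name)] = restored
            else:
                report["clean"] += 1
    return report


def build_sample_tree(root):
    """Create a constructed sample tree of empty files for the demonstration."""
    names = ["Degradead-For Better or Worse.ogg.PrOtOnIs",
             "Degradead-For Better or Worse.ogg.PrOtOnIs.VaNdElIs",
             "report.pdf", NOTE_NAME]
    for name in names:
        open(os.path.join(root, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        for path, restored in sorted(result["renamed"].items()):
            print(f"{os.path.basename(path)} -> {restored}")
        print("ransom note in:", result["note_dirs"], "| untouched:", result["clean"])
```

Point `triage()` at a mounted copy of the affected volume rather than the live system, so the inventory can be compared against backups without touching the originals.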