'Restore@protonmail.ch' Ransomware

By GoldSparrow in Ransomware

The 'Restore@protonmail.ch' Ransomware is related to Fantom, a known ransomware Trojan, and tries to extort money by taking the victim's files hostage. Like Fantom, it displays a fake Windows Update screen while it encrypts the victim's files in the background. Files that have been encrypted by the 'Restore@protonmail.ch' Ransomware are easy to identify: their names are changed to eight random characters and their extension is changed to '.locked'. In every directory where it encrypted content, the 'Restore@protonmail.ch' Ransomware drops a randomly named file with the 'locked' extension (the contents of this file are currently unknown) and an executable file named 'READ_ME!.exe', which displays a pop-up message on the victim's computer demanding the payment of a ransom.
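The file artifacts described above can be turned into a simple triage check. The following Python sketch is an added example, not code from the original article: it walks a directory tree and reports directories that contain both 'READ_ME!.exe' and files named with eight characters plus '.locked'. The function names, the sample file names and the assumption that the eight random characters are alphanumeric are illustrative.

```python
import os
import re
import tempfile

# Assumption: the "eight random characters" are alphanumeric; the page does not say.
LOCKED_RE = re.compile(r"^[A-Za-z0-9]{8}\.locked$", re.IGNORECASE)
NOTE_NAME = "read_me!.exe"  # 'READ_ME!.exe' from the page, compared case-insensitively


def scan(root):
    """Return {directory: sorted list of matching .locked names} for every
    directory that holds both the ransom-note executable and renamed files."""
    hits = {}
    # Unreadable directories are skipped instead of aborting the walk.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        has_note = any(f.lower() == NOTE_NAME for f in files)
        locked = sorted(f for f in files if LOCKED_RE.match(f))
        if has_note and locked:
            hits[dirpath] = locked
    return hits


def build_sample_tree(base):
    """Constructed sample data: one affected directory, two benign ones."""
    layout = {
        "docs": ["a1B2c3D4.locked", "Zx9Qw8Er.locked", "READ_ME!.exe"],
        "app": ["session.locked", "config.ini"],   # ordinary lock file, no note
        "tools": ["READ_ME!.exe", "notes.txt"],    # note name alone is not enough
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(base, sub))
        for name in names:
            open(os.path.join(base, sub, name), "wb").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for directory, names in scan(build_sample_tree(tmp)).items():
            print(f"{directory}: {len(names)} renamed file(s), ransom note present")
```

Requiring both indicators in the same directory keeps ordinary application lock files from being reported.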

How the 'Restore@protonmail.ch' Ransomware Attack Works

The 'Restore@protonmail.ch' Ransomware ransom note alerts the victim that the files were encrypted and that only the con artists responsible for the attack are capable of decrypting them. Unfortunately, this information may be true; it may not currently be possible to recover the files encrypted by the 'Restore@protonmail.ch' Ransomware without access to the decryption key. According to the 'Restore@protonmail.ch' Ransomware's ransom demand, victims must send a message to the email address included in the 'Restore@protonmail.ch' Ransomware attack to receive payment instructions. The ransom amount for these attacks may fluctuate between 0.5 and 1.5 Bitcoin (between $300 and $900 USD). PC security researchers advise against paying the 'Restore@protonmail.ch' Ransomware ransom. Instead, files should be restored from a backup device. The ransom demand that appears in the 'Restore@protonmail.ch' Ransomware's pop-up window reads:

'YOUR FILES HAVE BEEN ENCRYPTED!
You personal ID -
Your files have been been encrypted with a powerfull strain of a virus called ransomware.
Your files are encrytped using the same methods banks and the military use. There is currently no possible way to decrypt files with the private key.
Lucky for you, we can help. We are willing to sell you a decryptor UNIQUELY made for your computer (meaning someone else's decryptor will not work for you). Once you pay a small fee, we will instantly send you the software/info neccessary to decrypt all your files, quickly and easilly.
In order to get in touch with us email us at restorefiles@protonmail.ch.In your email write your personal ID (its located at the up of the page, it is a string of random characters). Once we receive your personal ID, we will send you payment instructions.
At our discretion, we may decrypt 1 small file as proof that we decrypt the rest.
If you don't recieve an answer from us at our email address restorefiles@protonmail.ch within 2 hours
Register here: hxxp://bitmsg.me
Once you have done that Write to adress BM-2cUhQ3orPHtcCKvk2iwCeJnmbSeKLLHdog with you email and personal ID
IMPORTANT!
We can not hold your decryption keys forever, so after 1 week your keys are PERMANENTLY deleted from our server, and then you are out of luck, so email us as soon as you see this message. We know exactly when everyone is encrypted, and being the reasonable people we are, the faster you send payment, the lower the cost is. The more you wait, the higher the payment is.
Do not try restore files without our help, this is useless and you may lose data permanetly. Decrypters of other clients will not work on your pc.'

The 'Restore@protonmail.ch' Ransomware also displays a ransom note on the victim's Desktop by changing the victim's wallpaper image. The following is the full text of this ransom note:

'For restore your files write: restore@protonmail.ch if not get answer in 2 hours from: restorefiles@protonmail.ch use https://bitmsg.me BM -2cUhQ3orPHtcCKvk2iwCeJnmbSeKLLHdog'

Protecting Your Computer from the 'Restore@protonmail.ch' Ransomware

The best protection from attacks like the 'Restore@protonmail.ch' Ransomware is to ensure that your computer is adequately protected with a reliable backup method. If you have backups of your files, you can recover from a 'Restore@protonmail.ch' Ransomware attack by wiping your drive, removing the 'Restore@protonmail.ch' Ransomware infection itself, and then restoring your files from the backup.