'X280@protonmail.com' Ransomware

The 'x280@protonmail.com' Ransomware is among the newest ransomware threats spotted by experts. In the past few years, there has been a growing interest in data-locking Trojans as they are simple to build (provided that one borrows readily available code from other ransomware threats) and easy to propagate.

Propagation and Encryption

Upon studying the 'x280@protonmail.com' Ransomware, researchers found that this file-encrypting Trojan belongs to the Estemani Ransomware family. It is likely that the authors of the 'x280@protonmail.com' Ransomware are taking advantage of macro-laced attachments to spread this Trojan via email. Some experts believe that the 'x280@protonmail.com' Ransomware also may be propagated via bogus pirated copies of popular applications and fraudulent software updates. The 'x280@protonmail.com' Ransomware will make sure to scan your data and locate the file types, which it was programmed to target. Ransomware threats often go after most popular files such as .mp4, .jpeg, .png, .doc, .ppt, .pdf, .mp3, .mov, etc. because most users have these files on their systems. Next, the 'x280@protonmail.com' Ransomware will begin locking all the data that was targeted. When ransomware threats lock a file, they usually append a new extension at the end of the filename. However, the 'x280@protonmail.com' Ransomware encrypts the targeted files without adding an extension to their names.

The Ransom Note

When the encryption process is completed, the 'x280@protonmail.com' Ransomware will drop a ransom note called '@_READ_TO_RECOVER_FILES_@.txt.' Often, cyber crooks use all caps and even special symbols when naming ransom notes to ensure that the name catches the attention of the user. In the note, the attackers state that the ransom fee is 1.5 Bitcoin ($12,300 approximately at the time of typing this post). They also claim that attempts to decrypt the locked data with third-party software are 'futile.' The attackers expect the victims to contact them via email – 'x280@protonmail.com.'

It is certainly not a good idea to give your hard-earned cash to cybercriminals. Not only will you fund their criminal activity, but they are likely to trick you and never send the decryption key you need to unlock your data. It is far safer to download and install a genuine anti-malware application, which will take care of the 'x280@protonmail.com' Ransomware for you and keep your system secure in the future. You also can try to recover some of the data by using a file-recovery solution.