Pr0tector Ransomware: Threat in Detail
Pr0tector is a newly detected ransomware that encrypts files and documents found on the target computer system and appends the .pr0tector extension to the encrypted files.
The ransomware uses a combination of RSA-2048 and AES-256 in CBC mode to encrypt the files, with a pair of private and public keys. The private key is stored on a remote server associated with the ransomware's owner. After encryption is done, Pr0tector ransomware leaves a ransom note explaining how to decrypt the data and how to contact the ransomware authors at the associated email IDs: “[email protected]” or “[email protected]”.
Cyber experts always recommend keeping a backup of all important files and never paying any ransom to such criminals, as there is no guarantee that they will give your files back. Instead, use a powerful removal tool to remove Pr0tector ransomware from the PC and try recovering files using a data recovery tool.
|Description|Pr0tector Ransomware encrypts files, videos, images and texts stored on the target PC and demands a ransom from users to decode the files.|
|Occurrence|Spam mail attachments, exploit kits, malicious links and JavaScript code.|
|Possible Symptoms|The ransom note can be seen on the desktop and in other file directories, and files cannot be accessed.|
Pr0tector Ransomware is distributed via spam email attachments, which may be RAR or ZIP archives or unarchived DOCX files titled as an important document, such as an invoice, and containing a malicious macro. Other sources might include visiting infected websites containing JavaScript code, exploit kits and spam bots.
More about Pr0tector Ransomware
After being installed, Pr0tector Ransomware may drop malicious payloads and create entries in the Windows registry to auto-launch its program when the user starts the machine.
Pr0tector Ransomware uses the AES-256 encryption algorithm to encrypt files such as documents, PDFs, photos, music, videos, databases, etc. After encrypting the files, the ransomware changes the desktop wallpaper to a ransom note:
Along with that, Pr0tector Ransomware also leaves a ransom note detailing how to contact them and decrypt files.
The ransom note says:
The email IDs associated with Pr0tector Ransomware are:
List of file extensions encrypted
→ .sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt
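To scope which files carry the .pr0tector extension and which of the file types listed above were hit, an inventory script like the following can be run over a user profile or file share before restoring from backup. It is an added example, not part of the original article; it assumes the extension is appended to the full original file name, and the directory tree built in `demo()` is constructed sample data.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".pr0tector"  # extension named in the article; matched case-insensitively


def inventory(root):
    """Walk root and report every file whose name ends with MARKER."""
    affected, by_ext, by_dir = [], Counter(), Counter()
    total, skipped = 0, []  # skipped: directories os.walk could not read
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: skipped.append(e.filename)):
        for name in files:
            total += 1
            if not name.lower().endswith(MARKER):
                continue
            # Assumption: the marker is appended to the full original name.
            original = name[: -len(MARKER)]
            affected.append({
                "path": os.path.join(dirpath, name),
                "original_name": original,
                # True when a file with the original name still sits beside it
                "original_present": original in files,
            })
            by_ext[Path(original).suffix.lower() or "(none)"] += 1
            by_dir[dirpath] += 1
    return {"total": total, "affected": affected, "by_ext": by_ext,
            "by_dir": by_dir, "skipped": skipped}


def demo():
    """Run inventory() over a constructed directory tree (sample data only)."""
    names = ["Documents/invoice.docx.pr0tector", "Documents/budget.xlsx.PR0TECTOR",
             "Documents/notes.txt", "Documents/notes.txt.pr0tector",
             "Pictures/cat.jpg.pr0tector", "Pictures/readme.md"]
    with tempfile.TemporaryDirectory() as tmp:
        for rel in names:
            path = Path(tmp, rel)
            path.parent.mkdir(exist_ok=True)
            path.write_bytes(b"constructed sample")
        report = inventory(tmp)
    still_present = sorted(a["original_name"] for a in report["affected"]
                           if a["original_present"])
    return report["total"], len(report["affected"]), dict(report["by_ext"]), still_present


if __name__ == "__main__":
    print(demo())
```

The `by_dir` counts show where encryption ran, and `skipped` lists directories that could not be read and need a second pass with sufficient privileges.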