
Cryptovirological Discovery: Promos Ransomware

March 6, 2019, Simeon Georgiev

While cryptomining and formjacking are emerging as the major cyber threats, ransomware has established its position in the digital domain. Cryptovirological operators continue to introduce new strains and variants of existing ones, regardless of what the latest cyber trend may be.

This is why ransomware removal experts detect new cryptovirological strains on a regular basis. In a recent hunting campaign, a team of malware hunters detected a new cryptovirological strain that goes by the name Promos ransomware.

Promos: A Successor of Djvu/Stop Ransomware

Ransomware removal experts have identified Promos as a variant of Djvu/Stop ransomware. It uses the same exploit kit and encryption module (AES) to lock down the files on the targeted device. Moreover, the contact ID in the ransom note is the same as the one given in previous versions of Djvu.

Experts are still trying to find out what distribution method Promos operators use. However, there is a strong chance that phishing or compromised web domains are being used to spread the Promos infection. Once the Promos script completes its encryption, it drops a ransom note in every affected folder. By the end of encryption, every file has been appended with a ‘.promos’ extension.

Working in Both Online and Offline Environment

Although Promos ransomware is operated through a Command and Control system, where perpetrators oversee the ongoing encryption in real time, its script can also perform offline encryption with a hard-coded key. In short, there is no way to stop Promos encryption once it has infiltrated the system.

A 50% Discount Offer on Ransom Payment

According to the ransom note, Promos operators are asking for $980 in Bitcoin to provide a ransomware removal solution. However, affected users can get a 50% ‘discount’ if they agree to pay the attackers within three days. This is a gambit played by cryptovirological operators to collect the maximum amount of ransom.

Cybersecurity experts and law enforcement agencies strongly advise against engaging with attackers to get the decryption solution. There are no guarantees that they will provide the right solution. Moreover, extended correspondence with cryptovirological operators can also lead to further cyber damage.

What to Do?

If you have suffered a Promos attack, the best way to deal with it is to call for professional help. Seasoned ransomware removal experts have enough expertise to deal with AES-based cryptovirological attacks. Their reliable decryption service most definitely comes at a price that does not compare to hefty ransom payments.

If you don’t want to suffer any data loss in the first place, make a practice of maintaining regular backups. With a readily available copy of critical files, you won’t be affected by the data lockdown inflicted by a ransomware attack.
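
To scope an incident before restoring from backup, the ‘.promos’ extension described above can be used to inventory affected folders and estimate when encryption began. The following is an added example, not code from the article or its author; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

ENCRYPTED_SUFFIX = ".promos"  # extension the article says is appended


def scan_tree(root, suffix=ENCRYPTED_SUFFIX):
    """Map each affected folder to the original names of its renamed files."""
    folders, mtimes = defaultdict(list), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(suffix):
                continue
            try:
                mtimes.append(os.lstat(os.path.join(dirpath, name)).st_mtime)
            except OSError:
                continue  # file vanished or unreadable: skip it, keep scanning
            folders[dirpath].append(name[: -len(suffix)])
    return {"folders": {d: sorted(n) for d, n in folders.items()},
            "total": len(mtimes),
            "earliest_mtime": min(mtimes, default=None)}


def restore_cutoff(report):
    """Earliest encrypted-file mtime as UTC: pick a backup older than this.
    Timestamps can be altered, so treat it as an estimate."""
    ts = report["earliest_mtime"]
    return None if ts is None else datetime.fromtimestamp(ts, tz=timezone.utc)


def build_sample(root):
    """Constructed sample tree: two renamed files and one untouched file."""
    os.makedirs(os.path.join(root, "docs"))
    for rel, mtime in (("docs/report.docx.promos", 1551859200),
                       ("budget.xlsx.PROMOS", 1551862800),
                       ("docs/notes.txt", 1551000000)):
        path = os.path.join(root, *rel.split("/"))
        with open(path, "wb") as fh:
            fh.write(b"constructed sample data")
        os.utime(path, (mtime, mtime))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = scan_tree(build_sample(tmp))
        print(report["total"], "renamed files; cutoff:", restore_cutoff(report))
```

Run it read-only against a mounted image or copy of the affected volume so the timestamps it relies on are not disturbed.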

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]

© 2020 MonsterCloud.com. All Rights Reserved.