While cryptomining and formjacking are emerging as the major cyber threats, ransomware has firmly established its position in the digital domain. Cryptovirological operators continue to introduce new strains and variants of existing ones, regardless of what the latest cyber trend entails.
This is why ransomware removal experts detect new cryptovirological strains on a regular basis. In a recent hunting campaign, a team of malware hunters detected a new cryptovirological strain that goes by the name Promos ransomware.
Promos: A Successor of Djvu/Stop Ransomware
Ransomware removal experts have identified Promos as a variant of Djvu/Stop ransomware. It uses the same exploit kit and the same encryption module (AES) to lock down the files on the targeted device. Moreover, the contact ID in the ransom note is the same as the one given in previous versions of Djvu.
Experts are still trying to determine which distribution method Promos operators use. However, there is a strong chance that phishing or compromised web domains are being used to spread the Promos infection. Once the Promos script completes its encryption, it drops a ransom note in every affected folder. At the end of encryption, every file has been appended with a ‘.promos’ extension.
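The two observable indicators described above, the appended ‘.promos’ extension and a ransom note in each affected folder, are what a responder first inventories on a suspect host. The following Python script is an added example, not code from the article or from any vendor: it walks a directory tree, lists the folders containing encrypted files, checks whether a note sits beside them, and recovers the original file types by stripping the appended extension (a report that helps size the impact before restoring from backup). The article does not give the ransom note's file name, so NOTE_FILENAME is a placeholder to be replaced with the real name; the sample tree the script scans is constructed inline.

```python
"""Triage scan for Promos-style ransomware artifacts (added example, not from the article).

Assumptions not stated on the page:
- NOTE_FILENAME is a placeholder; the article only says a note is dropped per folder.
"""
from __future__ import annotations

import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".promos"                    # extension named in the article
NOTE_FILENAME = "RANSOM_NOTE_PLACEHOLDER.txt"   # placeholder, not from the article


def scan_tree(root: str | os.PathLike) -> dict:
    """Walk `root` and report every folder that holds Promos-encrypted files.

    Returns a dict with:
      affected_dirs:  {relative_dir: {"encrypted": [names], "note_present": bool}}
      original_types: Counter of the original extensions hidden under .promos
      total_encrypted: number of encrypted files found
    """
    root = Path(root)
    affected: dict[str, dict] = {}
    original_types: Counter = Counter()
    for dirpath, _dirnames, filenames in os.walk(root):
        encrypted = sorted(f for f in filenames if f.endswith(ENCRYPTED_SUFFIX))
        if not encrypted:
            continue
        for name in encrypted:
            # 'report.docx.promos' -> original name 'report.docx', original ext '.docx'
            original = name[: -len(ENCRYPTED_SUFFIX)]
            original_types[Path(original).suffix.lower() or "<none>"] += 1
        rel = str(Path(dirpath).relative_to(root))   # '.' for the root itself
        affected[rel] = {
            "encrypted": encrypted,
            "note_present": NOTE_FILENAME in filenames,
        }
    return {
        "affected_dirs": affected,
        "original_types": original_types,
        "total_encrypted": sum(original_types.values()),
    }


def build_sample_tree(base: Path) -> None:
    """Construct a small sample tree that mimics a post-encryption state (constructed data)."""
    (base / "docs").mkdir(parents=True)
    (base / "docs" / "report.docx.promos").write_bytes(b"\x00" * 16)
    (base / "docs" / "budget.xlsx.promos").write_bytes(b"\x00" * 16)
    (base / "docs" / NOTE_FILENAME).write_text("constructed sample note\n")
    (base / "pics").mkdir()
    (base / "pics" / "holiday.jpg.promos").write_bytes(b"\x00" * 16)
    (base / "clean").mkdir()
    (base / "clean" / "notes.txt").write_text("untouched\n")


def demo() -> dict:
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        build_sample_tree(base)
        return scan_tree(base)


if __name__ == "__main__":
    result = demo()
    print(f"{result['total_encrypted']} encrypted files in {len(result['affected_dirs'])} folders")
    for d, info in result["affected_dirs"].items():
        print(f"  {d}: {len(info['encrypted'])} files, note present: {info['note_present']}")
    print("original file types:", dict(result["original_types"]))
```

Point scan_tree at a mounted image or a user profile rather than the temp tree to produce the same report for a real host; a folder with encrypted files but no note is worth a second look, since it may mean the encryption was interrupted.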
Working in Both Online and Offline Environments
Even though Promos ransomware is operated through a command-and-control system where the perpetrators oversee the ongoing encryption in real time, its script can also perform offline encryption using a hard-coded key. In short, there is no way to stop Promos encryption once it has infiltrated the system.
A 50% Discount Offer on Ransom Payment
According to the ransom note, Promos operators demand $980 in Bitcoin to provide a ransomware removal solution. However, affected users are offered a 50% ‘discount’ if they agree to pay the attackers within three days. This is a gambit cryptovirological operators play simply to collect the maximum amount of ransom.
Cybersecurity experts and law enforcement agencies strongly advise against engaging with attackers to obtain a decryption solution. There is no guarantee that they will provide a working one, and extended correspondence with cryptovirological operators can also lead to further cyber damage.
What to Do?
If you have suffered a Promos attack, the best way to deal with it is to call for professional help. Seasoned ransomware removal experts have the expertise to deal with AES-based cryptovirological attacks, and their reliable decryption service comes at a price that cannot be compared to a hefty ransom payment.
If you don’t want to suffer any data loss in the first place, adopt the practice of regular backup maintenance. With a readily available copy of your critical files, you won’t be held hostage by the data lockdown a ransomware attack inflicts.