It seems that a new variant of the GarrantyDecrypt ransomware has appeared. This variant contacts its victims while masquerading as staff from Proton Technologies, a reputable company known for security products such as ProtonVPN and ProtonMail.
Earlier, in October 2018, a cybersecurity expert found traces of this ransomware family. So far, the family is not widely recognized in the cybercriminal space and is not known to have been involved in a major infection. However, its list of victims is growing over time. This increased activity is illustrated by graphs that show a rise in user submissions of ransom notes and of encrypted files.
This time, however, the cybercriminals behind GarrantyDecrypt have updated their deception strategy. They now pose as the security staff of Proton Technologies. Their ransom note is titled “SECURITY-ISSUE-INFO.txt”.
The note tells the user that an “outsider” attempted to attack them and advises a password reset in response. It then explains that the RSA cryptographic algorithm (1024-bit) was used to encrypt their data so that no unauthorized third party can access it.
For ransomware removal and restoration of the files, the note details a step-by-step procedure. It states that the files can be decrypted after payment. Once the payment is complete, the victim is to use the email address provided to contact the senders for the decryption key. The note guarantees that, after the decryption tool is used, the files will revert to their original state.
The note also warns the victim against using any other tool for ransomware removal, saying they would otherwise risk losing their data. Payment of $780 is demanded in bitcoin, and a bitcoin address is specified. For contact, two IDs are given: a Server ID and a Payment ID.
What’s more interesting is that the pretenders also added the statement “PROTON SECURE-SERVER SYSTEMS (c) 2019” at the end of the note, styled as the original company’s copyright, in order to appear authentic and genuine. For users who are unfamiliar with ransomware strains, the deception and the ransom note are convincingly designed, which means that the likelihood of the ransomware’s success is unfortunately high.
If you receive this note or a similar one, bear in mind that Proton Technologies does not engage in such shady practices. Since the ransomware is new, there is no ransomware removal tool to decrypt the affected information. Your only option is therefore to seek the services of a cybersecurity company.
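The two indicators named above, the note's file name and its fake copyright line, are enough to sweep a host or file share and see which directories received a note. The Python below is an added example, not part of the original article; the function names, the 64 KiB size cap and the verdict labels are assumptions.

```python
import os
import sys

# Indicators taken from the article; everything else here is an assumption.
NOTE_NAME = "SECURITY-ISSUE-INFO.txt"
NOTE_MARKER = "PROTON SECURE-SERVER SYSTEMS (c) 2019"
MAX_NOTE_BYTES = 64 * 1024  # assumed cap: ransom notes are small text files
RANK = {"marker-only": 1, "name-only": 2, "name+marker": 3}


def classify_note(path):
    """Return 'name+marker', 'name-only', 'marker-only' or None for one file."""
    name_hit = os.path.basename(path).lower() == NOTE_NAME.lower()
    marker_hit = False
    try:
        if path.lower().endswith(".txt") and os.path.getsize(path) <= MAX_NOTE_BYTES:
            with open(path, "rb") as fh:
                raw = fh.read(MAX_NOTE_BYTES)
            # A note may be saved as UTF-16; dropping NUL bytes lets one
            # case-insensitive comparison cover both encodings.
            text = raw.replace(b"\x00", b"").decode("utf-8", "replace")
            marker_hit = NOTE_MARKER.lower() in text.lower()
    except OSError:
        pass  # unreadable file: fall back to the name match alone
    if name_hit and marker_hit:
        return "name+marker"
    if name_hit:
        return "name-only"
    return "marker-only" if marker_hit else None


def sweep(root):
    """Walk root and return {directory: strongest verdict} for each hit."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            verdict = classify_note(os.path.join(dirpath, fname))
            if verdict and RANK[verdict] > RANK.get(hits.get(dirpath), 0):
                hits[dirpath] = verdict
    return hits


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for directory, verdict in sorted(sweep(root).items()):
        print(f"{verdict:12} {directory}")
```

A "marker-only" hit means the copyright line turned up in a text file with a different name, which may indicate a renamed note or a later variant.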