
Prnds Ransomware

Posted: July 3, 2020

The Prnds Ransomware is a file-locking Trojan from the Dharma Ransomware family, a Ransomware-as-a-Service (RaaS) operation. Although it includes a range of secondary features, its most essential attack blocks diverse media formats, such as documents and pictures, from opening. All users should keep backups so they can recover without paying a ransom and should let dedicated anti-malware services remove the Prnds Ransomware as soon as it's identifiable.

The RaaS Business Continues On (and On)

With little stopping it from dominating the bulk of Ransomware-as-a-Service demands besides Bitcoin valuations and some competition (namely, the STOP Ransomware's family), the Dharma Ransomware RaaS remains highly active into the summer. Early versions of the Trojan appeared years ago, with cases like the 'Lavandos@dr.com' Ransomware and the 'Supermagnet@india.com' Ransomware evolving into new versions like the BSC Ransomware and the Kjh Ransomware. Accordingly, malware experts are unsurprised to confirm another campaign underway in June by the name of the Prnds Ransomware.

The Prnds Ransomware's filename of 'pay' may refer to an opening infection gambit, such as a fake invoice delivered through e-mail scams, or may just be a reference to its ransom. In either case, the Windows Trojan is most hazardous to users without backups, thanks to an AES and RSA encryption feature that searches for most files and converts them into locked formats. Files locked this way are unrecoverable without the decryption key, which the RaaS business, as is the norm for a Ransomware-as-a-Service, holds behind a Bitcoin ransom.

Some local backups remain ineffective at countering threats from the Prnds Ransomware's family. Besides any further actions that the Prnds Ransomware or attackers might undertake, the Trojan includes a built-in Restore Point wipe. It also creates ransom messages promoting its unlocker through a pop-up and a text message, both of which are in keeping with the English-language templates of the Dharma Ransomware RaaS. Any victims taking this solution despite its risks should scan any 'demonstration' files from the threat actor before opening them and copy their locked files before sending them through any decryption process.

Staying Outside of a Trojan's Playground

Since it's compatible with Windows 10 and most recent earlier versions of the OS, a majority of PC users are at risk from the Prnds Ransomware's campaign. However, casual precautions such as refusing illegal downloads, turning off JavaScript, and installing security patches are sufficient protection against most infection vectors. Besides these everyday steps, malware experts also recommend, especially in a workplace setting, examining e-mail attachments and monitoring passwords and RDP settings for any vulnerabilities.

As mentioned previously, the Prnds Ransomware may pose as an invoice or payment notification as part of a tactic that solicits clicks on its installer from hapless recipients. Other tactics that are prominent this year are fake software updates for media players and services, illicit media like movies or game-cracking tools, and, in particular, phony Coronavirus or COVID-19 applications. Web surfers should prioritize downloading software and content from reputable websites and users, and look at reviews of any 'free' applications.

This threat is triggering most detection tests by general-purpose anti-malware suites. Most reliable cyber-security programs should delete the Prnds Ransomware, although removing the Trojan doesn't recover any of the encrypted files.

As a pointed reminder of the daily relevance of a backup plan and schedule, the Prnds Ransomware serves its purpose, for criminals and victims alike. Those without a response prepared beforehand for getting their data out of a tight spot may see it kept hostage forever, whether they pay or let ransom notes go unheeded.
