
Promorad2 Ransomware

Posted: April 11, 2019

The Promorad2 Ransomware is a file-locker Trojan from the STOP Ransomware family. It disables Windows recovery and repair features while encrypting your files so that it can sell you the decryptor. Let your anti-malware products protect your PC by removing the Promorad2 Ransomware automatically, and store backups safely so that file recovery does not depend on a compatible decryptor.

Another Promo of the STOP Ransomware is Getting Started

The STOP Ransomware, also known as the Djvu Ransomware (after the extension that one of its earliest variants appended), sees constant abuse, with threat actors renting out its features for file-locking attacks against different targets. One of the most recent of these threats, the Promorad2 Ransomware, is active in the wild, with victims in Peru providing samples of the Trojan's components and of some of the files that it locks. As usual, however, borders and other geolocational considerations do not restrict the Promorad2 Ransomware's payload.

The Promorad2 Ransomware's campaign is running alongside similarly dated ones from the same family, presumably run by other threat actors, including the Promock Ransomware, the Tronas Ransomware, the Grovat Ransomware and the Raldug Ransomware, among others. It could be attacking users indiscriminately through torrents, a known infection vector for its family, although most file-locker Trojans prefer vectors such as e-mail-attached, maliciously crafted documents, browser-based threats like the Neutrino Exploit Kit, or brute-force attacks against remote logins. Users without a security solution that identifies it in time will have their files encrypted by the Promorad2 Ransomware's payload.

The Promorad2 Ransomware includes offline and online variants of this file-sabotaging function (the difference being whether the Trojan can reach its server for a per-victim key or falls back to a key built into the sample), either of which makes documents and other media on the PC unreadable. Rather than testing each file one at a time, users can search for the 'promorad2' extension that it appends to each file's name to tell which media is captive. The Promorad2 Ransomware may also delete the Shadow Volume Copies that Windows keeps, preventing users from restoring files from that source.
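The extension search described above is easy to script. The following triage helper is an added example, not code from the original page or from any vendor's decryptor: it walks a directory tree, collects every file carrying the appended '.promorad2' extension, recovers the original file name by stripping that suffix (no decryption is attempted), and counts the locked files by their original type so an analyst can see what kinds of media the payload touched. The sample directory it builds is constructed for the demonstration; the file names and contents in it are hypothetical.

```python
"""Triage helper for files locked by a STOP/Djvu variant that appends
'.promorad2' to each victim's file name. Added example, not the page's
own code; only the '.promorad2' extension comes from the write-up."""
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_EXT = ".promorad2"  # extension the Trojan appends, per the write-up


def find_locked_files(root):
    """Walk `root` and return {locked_path: original_path} for every file
    that ends in the appended extension. The original name is recovered
    by stripping the suffix; nothing is decrypted or modified."""
    locked = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(LOCKED_EXT):
                full = Path(dirpath) / name
                original = full.with_name(name[: -len(LOCKED_EXT)])
                locked[str(full)] = str(original)
    return locked


def summarize_by_original_type(locked):
    """Count locked files by their original extension (e.g. '.docx') so the
    scope of the damage is visible at a glance."""
    counts = Counter()
    for original in locked.values():
        suffix = Path(original).suffix.lower() or "(no extension)"
        counts[suffix] += 1
    return dict(counts)


def build_sample_tree():
    """Constructed sample victim directory (hypothetical names/contents):
    three locked files, one untouched text file and one system file."""
    root = tempfile.mkdtemp(prefix="promorad2_demo_")
    sample = {
        "Documents/report.docx.promorad2": b"\x00ciphertext",
        "Documents/notes.txt.promorad2": b"\x00ciphertext",
        "Pictures/holiday.jpg.promorad2": b"\x00ciphertext",
        "Pictures/README.txt": b"plain file, untouched",
        "Windows/system.dll": b"not a target",
    }
    for rel, data in sample.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    found = find_locked_files(demo_root)
    for locked_path, original_path in sorted(found.items()):
        print(f"{locked_path} -> {original_path}")
    print(summarize_by_original_type(found))
```

Run it against a real victim volume by passing the drive root to `find_locked_files` instead of the constructed tree; keep the output as an inventory for restoring from backups, since the helper only identifies captive files and cannot unlock them.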

An Easy Stopping Point for a STOP Ransomware Revamp

Like most Ransomware-as-a-Service products, the Promorad2 Ransomware's family is in the hands of various criminals who can pay for it but have no means of programming a file-locking Trojan themselves. This third-party factor injects significant uncertainty into determining how the Promorad2 Ransomware circulates. Malware researchers advise being highly cautious around the infection vectors most common to file-locking Trojans overall, which include all of the below:

  • E-mail messages, especially their documents and other attachments, may carry Trojan droppers or downloaders that install this threat.
  • Free downloading resources may pass the Promorad2 Ransomware's installer off as an executable crack for a game, a movie, or other illegally distributed content.
  • Exploit Kits can distribute the Promorad2 Ransomware by abusing vulnerabilities in software that your Web browser loads, particularly JavaScript or Flash.

Besides all of the above risks, site and network administrators face targeted brute-force attacks that may crack logins protected by unsafe passwords. 'Unsafe' includes both simple strings ('password123,' for example) and factory-default ones. Users will require backups for file recovery unless a decryptor for the Promorad2 Ransomware's offline variant appears, but most anti-malware products should stop and uninstall the Promorad2 Ransomware appropriately.

Even when they're so easily reproduced and administered by new faces, ransoms for your files aren't a joke. Doing your part to put down the Promorad2 Ransomware's portion of the RaaS industry calls for good backup software, due diligence and little else.
