Another iteration of the massive Globe ransomware family has appeared in the wild, named .PRIAPOS after the file extension it uses. The virus uses the AES encryption algorithm to render the files on the infected computer impossible to open. Priapos ransomware also drops a ransom note, named Instructions!!!.hta, in which it demands that victims pay a hefty ransom fee to restore the encrypted files. The fee is 1.5 BTC, and security experts advise against paying it, since there is a decrypter for this ransomware virus and you can restore your files for free. In case your system has been infected, read the following article.
| Short Description | Variant of Globe family of ransomware viruses. Encrypts files and demands 1.5 BTC ransom to be paid to decrypt them. |
| Symptoms | Slow computer at the moment of file encryption. Files are encrypted with the .PRIAPOS file extension. Added note Instructions!!!.hta |
| Distribution Method | Spam Emails, Email Attachments, Executable files |
| Data Recovery Tool | Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive. |
How Is Priapos Ransomware Distributed
To infect unsuspecting users, the cyber-criminals behind this ransomware infection may use various methods to spread it:
- Via spam e-mails that have convincing messages in them to either open an attachment or click on a web link sent via the mail. The messages usually portray the malicious attachment as a legitimate document of importance.
- Via malicious web links posted as comments on forums or sent via chat on social media, etc.
- Via various other methods, including uploading the file online as a fake setup, key generator, update of Java or Adobe or license activator of some sort.
Whatever the distribution method of the .PRIAPOS file virus may be, once the infection file which the cyber-criminals want you to trigger is executed, the ransomware slithers unnoticed onto your computer.
.PRIAPOS Ransomware – Activity Analysis
One of the main actions .PRIAPOS ransomware performs is to drop its malicious files on your PC, including the file that encrypts your data. This file is in .exe format and has a completely random file name, for example 28d2h832.exe.
Another action the .PRIAPOS ransomware threat likely performs is to delete the shadow volume copies on the compromised computer, via the VSSADMIN command in an administrative Windows Command Prompt:
Such shadow copies are essential to restoring files, because they are the backed-up versions of your important data, provided you have enabled Volume Shadow Service on your Windows machine.
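Shadow copy deletion is one of the few steps in this chain that leaves a clear process-creation trace. The following is an added detection example, not code from the original article: the page does not show the exact command line, so the detector keys on vssadmin's standard `delete shadows` subcommand, and the log records, user name and paths are constructed.

```python
import ntpath
import re

# Parent images running from user-writable locations raise the severity.
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads)\\", re.IGNORECASE)

# Constructed process-creation records: (timestamp, parent image, command line).
# 28d2h832.exe is the page's example dropper name; paths and times are invented.
SAMPLE_EVENTS = [
    ("2017-05-02T10:14:03", r"C:\Users\kim\AppData\Local\Temp\28d2h832.exe",
     r"vssadmin.exe Delete Shadows /All /Quiet"),
    ("2017-05-02T10:15:40", r"C:\Windows\System32\cmd.exe",
     r"vssadmin list shadows"),
    ("2017-05-02T10:16:12", r"C:\Windows\System32\cmd.exe",
     r'cmd.exe /c "C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet'),
    ("2017-05-02T10:17:55", r"C:\Windows\System32\svchost.exe",
     r"wbadmin get versions"),
]


def is_shadow_delete(cmdline):
    """True when the command line runs vssadmin with 'delete shadows'."""
    tokens = [t.strip("\"'") for t in cmdline.lower().split()]
    for i, tok in enumerate(tokens):
        # Match bare names, full paths and cmd /c wrappers alike.
        if ntpath.basename(tok) in ("vssadmin", "vssadmin.exe"):
            rest = tokens[i + 1:]
            return "delete" in rest and "shadows" in rest
    return False


def triage(events):
    """Return one alert per shadow-copy deletion, graded by parent location."""
    hits = []
    for ts, parent, cmdline in events:
        if not is_shadow_delete(cmdline):
            continue
        severity = "high" if USER_WRITABLE.search(parent) else "medium"
        hits.append({"time": ts, "parent": parent,
                     "cmdline": cmdline, "severity": severity})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit["severity"].upper(), hit["time"], hit["parent"], "->", hit["cmdline"])
```

Read-only uses such as `vssadmin list shadows` are deliberately not flagged, which keeps the rule quiet on backup and admin tooling.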
Another action performed by the .PRIAPOS virus is to drop its ransom note, named Instructions!!!.hta, which looks like the picture at the beginning of this article. The ransom note has the following message to victims:
All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. If you want to restore them, write us to the e-mail [email protected]
Before paying you can send us up to 1 files for free decryption. The total size of files must be less than 10Mb (non archived), and files should not contain valuable information.
The amount you need to pay to receive your files 1.5(Bitcoin)
How to obtain Bitcoins
• The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
http://www.localbitcoins.com (Visa/MasterCard, QIWI Visa Wallet, Bank Transfer.)
If I can not connect through the mail, I can not
• [email protected]
In the reply letter you will receive a program for decryption.
After starting the decryption program, all your files will be restored.
• Do not try to uninstall the program or run antivirus software
• Attempts to self-decrypt the files will lead to the loss of your data
• Decoders of other users are incompatible with your data, as each user has a unique encryption key
.PRIAPOS File Ransomware – Encryption Process
The encryption process of this ransomware infection uses the AES encryption algorithm, also known as the Advanced Encryption Standard. The cipher replaces blocks of data in the original file, so the file appears corrupt and looks like the following:
Priapos ransomware is very careful as to which types of files are encrypted. The virus skips crucial files that are required to run Windows and only encrypts documents, photos, video and audio files and other important data. Fortunately, the virus is decryptable as you will see if you keep reading this article.
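To scope which data was hit, the two on-disk indicators this article names (the .PRIAPOS extension and the Instructions!!!.hta note) can be inventoried per folder. This is an added example, not part of the original article; it assumes the extension is appended to the original file name, and the demo tree is constructed sample data. It also picks the smallest non-empty encrypted file, which is what the decrypter steps later in the article ask for.

```python
import os
from collections import Counter

ENCRYPTED_EXT = ".priapos"         # extension named in this article
NOTE_NAME = "instructions!!!.hta"  # ransom note named in this article


def sweep(root):
    """Walk root and inventory encrypted files and ransom notes."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                try:
                    encrypted.append((os.path.getsize(path), path))
                except OSError:
                    continue  # unreadable entry: skip it, keep sweeping
    encrypted.sort()
    return {
        "encrypted": [p for _size, p in encrypted],
        "notes": sorted(notes),
        "per_dir": dict(Counter(os.path.dirname(p) for _size, p in encrypted)),
        # Zero-byte files are useless as a decrypter test sample.
        "smallest": next((p for size, p in encrypted if size > 0), None),
    }


def build_demo_tree(base):
    """Create a constructed sample tree (placeholder bytes, not real samples)."""
    layout = {
        "Documents/report.docx.PRIAPOS": 2048,
        "Documents/notes.txt": 10,
        "Documents/Instructions!!!.hta": 300,
        "Pictures/cat.jpg.PRIAPOS": 512,
        "Pictures/empty.png.priapos": 0,
    }
    for rel, size in layout.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as demo:
        build_demo_tree(demo)
        print(sweep(demo))
```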
Remove .PRIAPOS Ransomware
Before decrypting your encrypted files, it is important to remove this ransomware virus from your computer. The best method to do this is to focus on removing the ransomware infection by using the instructions below. However, security experts advise victims to remove the virus automatically with the aid of an advanced anti-malware tool. Such a tool will not only remove the main files, but also locate all the objects associated with .PRIAPOS and delete them as well, so your PC would run as if the virus was never there.
Manually delete Priapos Virus from your computer
Note! Important information about the Priapos Virus threat: manual removal of Priapos Virus requires interfering with system files and registries, so it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.
Automatically remove Priapos Virus by downloading an advanced anti-malware program
Decrypt .PRIAPOS Encrypted Files for Free (Update May 2017)
Since the .PRIAPOS file virus is part of the family of viruses known as Globe or Purge ransomware, it is decryptable.
The first course of action for the decryption process is to download Trend Micro’s ransomware decrypter by clicking on the button below:
Step 1: After downloading, open the archive (you should have an archive reader, like WinRar) by clicking on the download icon of your browser and clicking on the file:
Step 2: After the archive is open, extract the decrypter for .PRIAPOS virus on your Desktop by dragging it out of the archive.
Step 3: Open the decrypter. Make sure it is done as an administrator and click on the “I agree” when a pop-up box appears. After this is complete, you should see the following:
Step 4: Click on the “Select” button to select the ransomware name as shown under the step 1 from the picture above.
Step 5: Select “Purge/Globe” (Purge/Globe is .PRIAPOS virus family) and then click on the “OK” button.
Step 7: Go ahead and click on the second step (Select and Decrypt) button, which will open a file explorer. From there, choose one file encrypted by Globe or Purge. Preferably choose a smaller file:
Step 8: From there, the TrendMicro scanning process should begin. The program should be able to find other encrypted files as well and try to decrypt them if it has decrypted one file: