.PRIAPOS Virus – Decrypt Your Files (Free) - How to, Technology and PC Security Forum | SensorsTechForum.com

.PRIAPOS Virus – Decrypt Your Files (Free)

This article aims to help you remove .PRIAPOS virus file ransomware and decrypt the encrypted files by this ransomware infection for free.

Another iteration from the massive Globe ransomware family has popped out into the open, carrying the name .PRIAPOS as it’s file extension suggests. The virus aims to use AES encryption algorithm to render the files on the infected computer no longer able to be opened. Priapos ransomware also drops a ransom note. Names Instructions!!!.hta in which the virus demands victims to pay a hefty ransom fee in order to restore the files encrypted by this virus. The fee is 1.5 BTC and security experts advise not to pay it, since there is a decrypter for this ransomware virus and you can restore your files for free. In case your system has been infected, read the following article.

Threat Summary

NamePriapos Virus
TypeRansomware, Cryptovirus
Short DescriptionVariant of Globe family of ransomware viruses. Encrypts files and demands 1.5 BTC ransom to be paid to decrypt them.
SymptomsSlow computer at the moment of file encryption. Files are encrypted with the .PRIAPOS file extension. Added note Instructions!!!.hta
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by Priapos Virus


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Priapos Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

How Is Priapos Ransomware Distributed

To infect unsuspecting user, the cyber-criminals behind this ransomware infection may use various methods to spread it:

  • Via spam e-mails that have convincing messages in them to either open an attachment or click on a web link sent via the mail. The messages usually portray the malicious attachment as a legitimate document of importance.
  • Via malicious web links posted as comments on forums or sent via chat on social media, etc.
  • Via various other methods, including uploading the file online as a fake setup, key generator, update of Java or Adobe or license activator of some sort.

Whatever the case of .PRIAPOS file virus may be, once the infection file which the cyber-criminals want you to trigger is executed, the inevitable happens and the ransomware slithers unnoticed on your computer.

.PRIAPOS Ransomware – Activity Analysis

One of the main actions .PRIAPOS ransomware performs is for the virus to drop the malicious files, including the file encrypting your data on your PC. This file is .exe format and has a completely random file name, for example 28d2h832.exe.

Another one of the actions done by the .PRIAPOS ransomware threat is to likely delete the shadow volume copies on the compromised computer, via the VSSADMIN command in administrative Windows Command Prompt:

Such shadow copies are essential to restoring files, because they are the backed up versions of your important data, if you have enable Volume Shadow Service on your Windows machine, that is.

Another one of the actions done by the .PRIAPOS virus is to drop it’s ransom note, named Instructions!!!.hta and looking like the picture at the beginning of this article. The ransom note has the following message to victims:

All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.If you want to restore them, write us to the e-mail mk.priapos@bigmir.net
Before paying you can send us up to 1 files for free decryption. The total size of files must be less than 10Mb (non archived), and files should not contain valuable information.
The amount you need to pay to receive your files 1.5(Bitcoin)
How to obtain Bitcoins
• The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
• Bitcoin:
http://www.localbitcoins.com (Visa/MasterCard, QIWI Visa Wallet, Bank Transfer.)
1.5 BTC
If I can not connect through the mail, I can not
• mk.priapos@bigmir.net
In the reply letter you will receive a program for decryption.
After starting the decryption program, all your files will be restored.
• Do not try to uninstall the program or run antivirus software
• Attempts to self-decrypt the files will lead to the loss of your data
• Decoders of other users are incompatible with your data, as each user has a unique encryption key

.PRIAPOS File Ransomware – Encryption Process

The encryption process of this ransomware infection consists of using the aid of the AES encryption algorithm, also known as Advanced Encryption Algorithm. This cipher aims to replace blocks of data on the original file, making it seem corrupt and looking like the following:

Priapos ransomware is very careful as to which types of files are encrypted. The virus skips crucial files that are required to run Windows and only encrypts documents, photos, video and audio files and other important data. Fortunately, the virus is decryptable as you will see if you keep reading this article.

Remove .PRIAPOS Ransomware

Before decrypting your encrypted files, it is important to remove this ransomware virus from your computer. The best method to do this is to focus on removing the ransomware infection by using the instructions below. However, security experts advise victims to remove the virus automatically with the aid of an advanced anti-malware tool. Such tool will not only remove the main files, but also locate all the objects associated with .PRIAPOS and delete them as well, so your PC would run as if the virus was never there.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share