.PRIAPOS Virus – Decrypt Your Files (Free) - How to, Technology and PC Security Forum | SensorsTechForum.com

This article aims to help you remove the .PRIAPOS file ransomware and decrypt the files encrypted by this ransomware infection for free.

Another iteration from the massive Globe ransomware family has popped out into the open, carrying the name .PRIAPOS, as its file extension suggests. The virus aims to use the AES encryption algorithm to render the files on the infected computer impossible to open. Priapos ransomware also drops a ransom note, named Instructions!!!.hta, in which the virus demands that victims pay a hefty ransom fee in order to restore the files it has encrypted. The fee is 1.5 BTC and security experts advise not to pay it, since there is a decrypter for this ransomware virus and you can restore your files for free. In case your system has been infected, read the following article.

Threat Summary

Name: Priapos Virus
Type: Ransomware, Cryptovirus
Short Description: Variant of the Globe family of ransomware viruses. Encrypts files and demands a 1.5 BTC ransom to be paid to decrypt them.
Symptoms: Slow computer at the moment of file encryption. Files are encrypted with the .PRIAPOS file extension. Added note Instructions!!!.hta
Distribution Method: Spam Emails, Email Attachments, Executable files
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

How Is Priapos Ransomware Distributed

To infect unsuspecting users, the cyber-criminals behind this ransomware infection may use various methods to spread it:

  • Via spam e-mails that have convincing messages in them to either open an attachment or click on a web link sent via the mail. The messages usually portray the malicious attachment as a legitimate document of importance.
  • Via malicious web links posted as comments on forums or sent via chat on social media, etc.
  • Via various other methods, including uploading the file online as a fake setup, key generator, update of Java or Adobe or license activator of some sort.

Whichever method is used for the .PRIAPOS file virus, once the infection file which the cyber-criminals want you to trigger is executed, the inevitable happens and the ransomware slithers unnoticed onto your computer.

.PRIAPOS Ransomware – Activity Analysis

One of the main actions .PRIAPOS ransomware performs is to drop its malicious files on your PC, including the file that encrypts your data. This file is in .exe format and has a completely random file name, for example 28d2h832.exe.

Another action the .PRIAPOS ransomware threat likely performs is to delete the shadow volume copies on the compromised computer, via the VSSADMIN command in an administrative Windows Command Prompt.

Such shadow copies are essential to restoring files, because they are the backed up versions of your important data, if you have enabled Volume Shadow Service on your Windows machine, that is.

Another one of the actions done by the .PRIAPOS virus is to drop its ransom note, named Instructions!!!.hta and looking like the picture at the beginning of this article. The ransom note has the following message to victims:

All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.If you want to restore them, write us to the e-mail [email protected]
Before paying you can send us up to 1 files for free decryption. The total size of files must be less than 10Mb (non archived), and files should not contain valuable information.
The amount you need to pay to receive your files 1.5(Bitcoin)
How to obtain Bitcoins
• The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
• Bitcoin:
http://www.localbitcoins.com (Visa/MasterCard, QIWI Visa Wallet, Bank Transfer.)
1.5 BTC
If I can not connect through the mail, I can not
[email protected]
In the reply letter you will receive a program for decryption.
After starting the decryption program, all your files will be restored.
Attention!
• Do not try to uninstall the program or run antivirus software
• Attempts to self-decrypt the files will lead to the loss of your data
• Decoders of other users are incompatible with your data, as each user has a unique encryption key
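
The three behaviours described in this activity analysis (shadow copy deletion through VSSADMIN, files carrying the .PRIAPOS extension, and the Instructions!!!.hta note) can be checked together when reviewing endpoint telemetry. The following is an added example, not code from the original article or from any vendor tool; the event layout, the sample events and the exact vssadmin arguments are constructed assumptions, since the article does not give the command line used.

```python
import ntpath
import re

# Matches "vssadmin ... delete shadows" regardless of case or full path.
SHADOW_DELETE = re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)
NOTE_NAME = "instructions!!!.hta"   # ransom note name given in the article
ENC_EXT = ".priapos"                # file extension given in the article

# Constructed sample telemetry (not from a real infection). The event layout
# and the vssadmin arguments are assumptions made for this example.
SAMPLE_EVENTS = [
    {"type": "process", "cmdline": r"C:\Users\bob\AppData\Local\Temp\28d2h832.exe"},
    {"type": "process", "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"type": "process", "cmdline": "vssadmin list shadows"},  # benign admin use
    {"type": "file", "path": r"C:\Users\bob\Documents\report.docx.PRIAPOS"},
    {"type": "file", "path": r"C:\Users\bob\Pictures\trip.jpg.PRIAPOS"},
    {"type": "file", "path": r"C:\Users\bob\Music\song.mp3.priapos"},
    {"type": "file", "path": r"C:\Users\bob\Desktop\Instructions!!!.hta"},
    {"type": "file", "path": r"C:\Users\bob\Desktop\notes.txt"},
]


def triage(events, min_encrypted=3):
    """Group events by indicator and return a verdict based on how many
    independent indicator types were seen."""
    found = {"shadow_copy_deletion": [], "ransom_note": [], "encrypted_files": []}
    for ev in events:
        if ev["type"] == "process":
            if SHADOW_DELETE.search(ev["cmdline"]):
                found["shadow_copy_deletion"].append(ev["cmdline"])
        elif ev["type"] == "file":
            # ntpath parses Windows paths correctly on any analysis host.
            name = ntpath.basename(ev["path"]).lower()
            if name == NOTE_NAME:
                found["ransom_note"].append(ev["path"])
            elif name.endswith(ENC_EXT):
                found["encrypted_files"].append(ev["path"])
    signals = sum(bool(found[k]) for k in ("shadow_copy_deletion", "ransom_note"))
    # One stray .PRIAPOS file is weak evidence; a burst of them is a signal.
    signals += len(found["encrypted_files"]) >= min_encrypted
    if signals >= 2:
        found["verdict"] = "likely PRIAPOS infection"
    else:
        found["verdict"] = "needs review" if any(found.values()) else "no match"
    return found


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(key, "->", value)
```

Requiring two independent indicator types keeps routine `vssadmin list shadows` use and a single stray file from raising the highest verdict.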

.PRIAPOS File Ransomware – Encryption Process

The encryption process of this ransomware infection relies on the AES encryption algorithm, also known as the Advanced Encryption Standard. This cipher replaces blocks of data in the original file, making the file seem corrupt.

Priapos ransomware is very careful as to which types of files are encrypted. The virus skips crucial files that are required to run Windows and only encrypts documents, photos, video and audio files and other important data. Fortunately, the virus is decryptable as you will see if you keep reading this article.

Remove .PRIAPOS Ransomware

Before decrypting your encrypted files, it is important to remove this ransomware virus from your computer. The best method to do this is to focus on removing the ransomware infection by using the instructions below. However, security experts advise victims to remove the virus automatically with the aid of an advanced anti-malware tool. Such a tool will not only remove the main files, but also locate all the objects associated with .PRIAPOS and delete them as well, so your PC will run as if the virus was never there.

Manually delete Priapos Virus from your computer

Note! Substantial notification about the Priapos Virus threat: Manual removal of Priapos Virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Priapos Virus files and objects
2. Find malicious files created by Priapos Virus on your PC

Automatically remove Priapos Virus by downloading an advanced anti-malware program

1. Remove Priapos Virus with SpyHunter Anti-Malware Tool and back up your data

Decrypt .PRIAPOS Encrypted Files for Free (Update May 2017)

Since .PRIAPOS file virus is part of the family of viruses, known as Globe or Purge ransomware, it is decryptable.

The first course of action for the decryption process would be to download Trend Micro’s Ransomware Decrypter.

Step 1: After downloading, open the archive (you should have an archive reader, like WinRar) by clicking on the download icon of your browser and clicking on the file:

[Screenshot: Trend Micro file decryptor download]

Step 2: After the archive is open, extract the decrypter for .PRIAPOS virus on your Desktop by dragging it out of the archive.

[Screenshot: extracting the decrypter from the archive]

Step 3: Open the decrypter. Make sure to run it as an administrator and click on “I agree” when a pop-up box appears. After this is complete, you should see the following:

[Screenshot: Trend Micro file decrypter with the Select and Decrypt steps]

Step 4: Click on the “Select” button to select the ransomware name, as shown under step 1 in the picture above.

Step 5: Select “Purge/Globe” (Purge/Globe is .PRIAPOS virus family) and then click on the “OK” button.

Step 7: Go ahead and click on the second step (Select and Decrypt) button, which will open a file explorer. From there, choose one file encrypted by Globe or Purge. Preferably choose a smaller file.

Step 8: From there, the TrendMicro scanning process should begin. The program should be able to find other encrypted files as well and try to decrypt them if it has decrypted one file:

[Screenshot: file decrypter decrypting the encrypted files]

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
