Another iteration from the massive Globe ransomware family has popped out into the open, carrying the name .PRIAPOS, as its file extension suggests. The virus aims to use the AES encryption algorithm to render the files on the infected computer impossible to open. Priapos ransomware also drops a ransom note named Instructions!!!.hta, in which the virus demands that victims pay a hefty ransom fee in order to restore the files it has encrypted. The fee is 1.5 BTC and security experts advise not to pay it, since there is a decrypter for this ransomware virus and you can restore your files for free. In case your system has been infected, read the following article.
| Short Description | Variant of Globe family of ransomware viruses. Encrypts files and demands 1.5 BTC ransom to be paid to decrypt them. |
| Symptoms | Slow computer at the moment of file encryption. Files are encrypted with the .PRIAPOS file extension. Added note Instructions!!!.hta |
| Distribution Method | Spam Emails, Email Attachments, Executable files |
How Is Priapos Ransomware Distributed
To infect unsuspecting users, the cyber-criminals behind this ransomware infection may use various methods to spread it:
- Via spam e-mails that have convincing messages in them to either open an attachment or click on a web link sent via the mail. The messages usually portray the malicious attachment as a legitimate document of importance.
- Via malicious web links posted as comments on forums or sent via chat on social media, etc.
- Via various other methods, including uploading the file online as a fake setup, key generator, update of Java or Adobe or license activator of some sort.
Whatever the case with the .PRIAPOS file virus may be, once the infection file which the cyber-criminals want you to trigger is executed, the inevitable happens and the ransomware slithers unnoticed onto your computer.
.PRIAPOS Ransomware – Activity Analysis
One of the main actions .PRIAPOS ransomware performs is to drop its malicious files on your PC, including the file that encrypts your data. This file is in .exe format and has a completely random file name, for example 28d2h832.exe.
Another action the .PRIAPOS ransomware threat is likely to perform is to delete the shadow volume copies on the compromised computer, via the VSSADMIN command in an administrative Windows Command Prompt:
Such shadow copies are essential to restoring files, because they are the backed-up versions of your important data, if you have enabled Volume Shadow Service on your Windows machine, that is.
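To spot the shadow-copy deletion described above in process-creation logs, the check below looks for vssadmin being run with `delete shadows`. It is an added example, not code from the original article; the sample events, the tuple layout and the "parent outside C:\Windows" heuristic are assumptions made for illustration.

```python
import ntpath

# Constructed process-creation records: (time, parent image, command line).
SAMPLE_EVENTS = [
    ("2017-01-01T10:00:01", r"C:\Windows\explorer.exe",
     r"C:\Windows\System32\notepad.exe report.txt"),
    ("2017-01-01T10:02:13", r"C:\Users\a\AppData\Local\Temp\28d2h832.exe",
     r'"C:\Windows\System32\cmd.exe" /c VSSADMIN.EXE Delete Shadows /All /Quiet'),
    ("2017-01-01T10:05:40", r"C:\Windows\System32\cmd.exe",
     r"vssadmin list shadows"),
]


def _basename(token):
    """Lower-cased program name without directory, quotes or .exe suffix."""
    name = ntpath.basename(token.strip('"')).lower()
    return name[:-4] if name.endswith(".exe") else name


def deletes_shadow_copies(command_line):
    """True when the command line runs vssadmin with 'delete shadows'."""
    tokens = command_line.split()
    for i, token in enumerate(tokens):
        if _basename(token) != "vssadmin":
            continue
        args = [t.strip('"').lower() for t in tokens[i + 1:]]
        if "delete" in args and "shadows" in args[args.index("delete"):]:
            return True
    return False


def find_shadow_copy_deletion(events):
    """Return one hit per event whose command line deletes shadow copies."""
    hits = []
    for when, parent, command_line in events:
        if deletes_shadow_copies(command_line):
            # Assumption: a parent outside C:\Windows (e.g. a dropped,
            # randomly named .exe in Temp) makes the event more suspicious.
            outside = not parent.lower().startswith("c:\\windows\\")
            hits.append({"time": when, "parent": parent,
                         "parent_outside_windows": outside})
    return hits


if __name__ == "__main__":
    for hit in find_shadow_copy_deletion(SAMPLE_EVENTS):
        print(hit)
```
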
Another action the .PRIAPOS virus performs is to drop its ransom note, named Instructions!!!.hta and looking like the picture at the beginning of this article. The ransom note has the following message to victims:
All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.If you want to restore them, write us to the e-mail firstname.lastname@example.org
Before paying you can send us up to 1 files for free decryption. The total size of files must be less than 10Mb (non archived), and files should not contain valuable information.
The amount you need to pay to receive your files 1.5(Bitcoin)
How to obtain Bitcoins
• The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
http://www.localbitcoins.com (Visa/MasterCard, QIWI Visa Wallet, Bank Transfer.)
If I can not connect through the mail, I can not
In the reply letter you will receive a program for decryption.
After starting the decryption program, all your files will be restored.
• Do not try to uninstall the program or run antivirus software
• Attempts to self-decrypt the files will lead to the loss of your data
• Decoders of other users are incompatible with your data, as each user has a unique encryption key
.PRIAPOS File Ransomware – Encryption Process
The encryption process of this ransomware infection relies on the AES encryption algorithm, also known as the Advanced Encryption Standard. This cipher aims to replace blocks of data in the original file, making it seem corrupt and looking like the following:
Priapos ransomware is very careful as to which types of files are encrypted. The virus skips crucial files that are required to run Windows and only encrypts documents, photos, video and audio files and other important data. Fortunately, the virus is decryptable as you will see if you keep reading this article.
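To gauge how much of a drive was hit before cleaning up and decrypting, a read-only scan can tally files carrying the .PRIAPOS extension and locate copies of Instructions!!!.hta. This is an added example, not part of the original article; the sample directory tree and its file names are constructed for the demonstration.

```python
import os
import tempfile

ENCRYPTED_SUFFIX = ".priapos"        # extension named in this article
RANSOM_NOTE = "instructions!!!.hta"  # ransom note name from this article


def scan_tree(root):
    """Read-only walk: tally encrypted files per folder, locate ransom notes."""
    report = {"encrypted": {}, "encrypted_bytes": 0, "notes": [], "other_files": 0}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered == RANSOM_NOTE:
                report["notes"].append(path)
            elif lowered.endswith(ENCRYPTED_SUFFIX):
                rel = os.path.relpath(folder, root)
                report["encrypted"][rel] = report["encrypted"].get(rel, 0) + 1
                try:
                    report["encrypted_bytes"] += os.path.getsize(path)
                except OSError:
                    pass  # unreadable or vanished file; it is still counted
            else:
                report["other_files"] += 1
    return report


def build_sample_tree(root):
    """Create a small constructed directory tree for the demonstration."""
    layout = {
        "Documents": ["budget.xlsx.PRIAPOS", "thesis.docx.priapos",
                      "Instructions!!!.hta"],
        "Pictures": ["holiday.jpg.PRIAPOS"],
        "Windows": ["notepad.exe"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            with open(os.path.join(root, folder, name), "wb") as handle:
                handle.write(b"\x00" * 16)  # 16 placeholder bytes per file
    return root


def demo():
    """Scan the constructed tree and return the report."""
    with tempfile.TemporaryDirectory() as root:
        return scan_tree(build_sample_tree(root))


if __name__ == "__main__":
    print(demo())
```
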
Remove .PRIAPOS Ransomware
Before decrypting your encrypted files, it is important to remove this ransomware virus from your computer. The best method to do this is to focus on removing the ransomware infection by using the instructions below. However, security experts advise victims to remove the virus automatically with the aid of an advanced anti-malware tool. Such a tool will not only remove the main files, but also locate all the objects associated with .PRIAPOS and delete them as well, so your PC will run as if the virus was never there.