Princess Evolution Ransomware is a new ransomware infection that might become a prevalent threat shortly. We say so because anyone can start distributing this threat in order to get some extra money. It seems that the ransomware developer promises to give 60% of all the payments received to those distributing the infection. This infection has a potential of becoming a real threat and affecting thousands of computers, so our recommendation would be to install a security application on the system. It will not allow any other infection to infiltrate your computer. Of course, if you have already encountered this ransomware infection, there is no way to set the clock back and prevent it from entering the system. In this case, you must remove Princess Evolution Ransomware right away so that it could not lock any new files you create on your computer. This threat is one of those nasty infections that lock personal files on affected computers. We are sure you do not want to lose your precious documents or media files, so please ensure your system’s maximum protection while you still can.
Once Princess Evolution Ransomware is executed, it checks whether two files can be found: %APPDATA%\MeGEZan.VDE and hoJUpcvgHA on that computer. If they are found, the ransomware infection stops working immediately. In other words, it does not lock files on that computer because the presence of these files shows that it did that some time ago. Files affected by this threat are all marked with the extension that consists of 4-6 random characters, for example, picture.jpg. JOf6. Research has clearly shown that this malicious application uses XOR and AES-128 encryption algorithms to lock data on affected computers, which means that it might be extremely hard to unlock those locked files. Most probably, only a decryption tool cyber criminals have could help you. It does not mean that you should purchase it from them. The ransom note dropped on victim’s computers contains the .onion link opening the payment page. You will be asked to enter the ID first before you could access that page. Even if it turns out that the decryptor that can unlock files encrypted by Princess Evolution Ransomware is not that expensive, you should not invest in it because there are no guarantees that it will unlock a single file on your computer. You do not know whether you will really get it from cyber criminals as well. If you badly need your files back, you can restore them from a backup. Alternatively, you can try out all reliable data recovery tools available. We cannot promise that they will help you though.
Even though Princess Evolution Ransomware is a new infection, specialists already know how this threat is distributed. They have noticed that it is distributed via the exploit kit called RIG Exploit Kit in the first place. Also, it might be distributed via spam emails and dropped by cyber criminals if users use RDP connections whose credentials can be cracked easily. Last but not least, the malicious application might pretend to be a crack/keygen or travel together with third-party software. It is not always an easy task to prevent malware from entering the system. If you know that you could not do that alone, you should let a reliable antimalware tool to take care of all the threats for you automatically. The automated tool will not allow suspicious software to enter your computer, and you will not need to do anything yourself except for checking if the scanner is active once in a while and updating it.
No files will be unlocked even if you erase Princess Evolution Ransomware completely, but it does not mean that there is nothing wrong with keeping the malicious application active on the system. You must delete it ASAP! To remove this threat from your system, you must delete the file you have launched recently. Additionally, you will be responsible for the removal of three files (.html, .txt, and .url) dropped by ransomware if you decide to adopt the manual removal method. Without a doubt, the easiest way to clean the system is to scan it with an antimalware scanner.
|#||File Name||File Size (Bytes)||File Hash|
|1||(_H0W_TO_REC0VER_JOF6.html||1061 bytes||MD5: f98f5211b6ba029bab919d8cd93aaaba|
|2||(_H0W_TO_REC0VER_JOF6.url||135 bytes||MD5: ce31992710f31af46f30cb9927361ede|
|3||PrincessEvolution.exe||273920 bytes||MD5: acaeaf1e1ff0b043a37d2a3e3f9f3fbe|
|4||(_H0W_TO_REC0VER_JOF6.txt||458 bytes||MD5: 91800f59e1b8bcc3deab7092dce2a796|
|#||Process Name||Process Filename||Main module size|