Our specialists came across a new ransomware application called Prometey Ransomware. Research revealed that the malware might no longer be active, as the sample we encountered did not work. However, the malicious application might have infected computers while it was still being spread, and if you are one of the threat’s victims, we invite you to read our full report and learn the most important details. Also, if the malware is on your system, you might be looking for a way to eliminate it. In that case, we can offer the deletion instructions placed below, although we have to stress that they may not be accurate. Thus, if you wish to eliminate Prometey Ransomware, it is important to also scan your computer with a reliable antimalware tool, as suggested at the end of the provided instructions.
Even if Prometey Ransomware is on your system, you might still be wondering how it got in. That would not surprise us, as we know that many victims get tricked into installing such threats without realizing it. For example, you might receive an email message with an attachment that looks like a text file or some other document. The message might ask you to open this file, and when you try to do so, you might be presented with a fake notification asking you to update your software or saying that there has been an error. All of this is meant to distract you from realizing that the received file was carrying a threat. Ransomware applications can work without revealing their presence until they encrypt all targeted files, so you may not notice anything until the malware displays its ransom note. Thus, we strongly recommend staying away from spam emails and messages from people you do not know. Also, it would be best to scan all files that raise suspicion with a reliable security tool.
Our researchers found a sample of Prometey Ransomware, but it did not work. Nonetheless, we were able to find out a lot about it from its code. For instance, one of the things we learned was that the malware might create a file called DirectX1I.dll in the C:/Windows location. Next, the malicious program should encrypt various files located on an infected device. We believe that personal files, such as videos or documents, are the ones that should get encrypted. As for data belonging to Windows or other software, it is likely that the threat leaves it untouched. Most ransomware applications do not encrypt such files in order to ensure that the infected devices do not crash. It is important that machines remain bootable because otherwise victims would be unable to view ransom notes and fulfill the hackers’ demands. Prometey Ransomware might drop a file with the same ransom note in all directories containing encrypted files. Inside it, you might see a message asking you to install the TOR browser and visit a specific site to chat with the malware’s creators.
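The two traces described above (the DirectX1I.dll file and an identical note repeated across directories) can be checked with a short triage script. This is an added example, not part of the original report: the function names, the note file name README_NOTE.txt, the size limit and the sample directory tree are all constructed for illustration, since the report does not give the ransom note's file name.

```python
import hashlib
import os
import tempfile
from collections import defaultdict
from pathlib import Path

DROPPED_DLL = "DirectX1I.dll"  # file name reported in the article


def dll_present(windows_dir):
    """True if the DLL named in the article exists directly under windows_dir."""
    return (Path(windows_dir) / DROPPED_DLL).is_file()


def repeated_notes(root, min_dirs=3, max_size=64 * 1024):
    """Return {(name, sha256): [dirs]} for small files that appear with the same
    name and identical content in at least min_dirs directories."""
    seen = defaultdict(set)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                if path.is_symlink() or path.stat().st_size > max_size:
                    continue
                digest = hashlib.sha256(path.read_bytes()).hexdigest()
            except OSError:
                continue  # unreadable or vanished file: skip, keep scanning
            seen[(name, digest)].add(dirpath)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_dirs}


def build_sample_tree(base):
    """Constructed sample: three user folders holding the same note file,
    plus unrelated files and a fake Windows directory containing the DLL."""
    base = Path(base)
    for folder in ("Documents", "Pictures", "Videos"):
        d = base / "Users" / "alice" / folder
        d.mkdir(parents=True)
        (d / "README_NOTE.txt").write_text("constructed ransom note text")
        (d / (folder + ".dat")).write_bytes(os.urandom(32))
    win = base / "Windows"
    win.mkdir()
    (win / DROPPED_DLL).write_bytes(b"placeholder")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        tree = build_sample_tree(tmp)
        print("DLL present:", dll_present(tree / "Windows"))
        for (name, digest), dirs in repeated_notes(tree / "Users").items():
            print(name, digest[:12], len(dirs), "directories")
```

Legitimate files such as identical desktop.ini copies can also match the repeated-file check, so each hit needs a manual look before it is treated as a ransom note.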
Furthermore, the hackers’ ransom note should also mention having to purchase a decryptor with Bitcoins. We should stress that no matter what the cybercriminals behind Prometey Ransomware might say, there are no guarantees that the promised decryptor will reach you even if you pay for it. Therefore, you have to decide if you can afford to lose your money in vain and if your files are worth the risk. Also, you should check if you have any backup copies that you could use to replace encrypted files. Since the malware may delete shadow copies, you should use backup data stored on removable media devices or cloud storage. Of course, we advise first cleaning your system by erasing Prometey Ransomware. If you need any help with this task, you could use the instructions available below.