A new ransomware infection – Proticc Ransomware – has been detected by specialists. Luckily, it does not seem to be a serious malicious application. In fact, we do not think that it will cause you a lot of trouble if cyber criminals do not update it because it seems that the version analyzed by our malware analysts has only been released for testing purposes. Researchers at 411-spyware.com have managed to find two versions of the same infection. They both act very similarly, but their appearances differ a bit. For example, one of the versions has a timer. Also, they display different ransom notes. Ransomware infections are developed by cyber criminals that want users’ money, but it is very likely that you will not need to pay a cent to crooks if you encounter Proticc Ransomware because it has turned out that affected files can be fixed without the special decryption key. Unfortunately, the situation might change completely if the ransomware infection gets an update.
As mentioned, Proticc Ransomware still seems to be in development. Our researchers have proved that it does not work properly by finding out that it does not encrypt files on affected computers. It has turned out that it only changes the name of every affected file and appends the .lol extension at the end, for example, picture.jpg turns into picture.jpg.lol. You will not even notice these changes if you do not have the folder named lol on your Desktop because this ransomware infection affects only selected files in one folder %USERPROFILE%\Desktop\lol. Of course, it does not mean that you will not find out that the ransomware infection has been installed on your PC. Once this infection is executed, it opens a program window with a ransom note. There are two versions that use different ransom notes, as you should already know if you have started reading this article from the very beginning, but no matter which ransom note you see, it is very likely that you have become the ransomware victim if you have found a window with a message on it out of the blue.
One of the versions of Proticc Ransomware claims that files have been locked using “a unique public key RSA-2048 generated for this computer,” but this is not true. The ransomware infection only renamed files at the time of research. As a consequence, it was easy to fix them by undoing the changes applied, i.e. changing their original extensions and names back. You should also try to click the Decrypt Files button on the opened window if the version you have encountered has it – files will be fixed automatically for you. As you can see, Proticc Ransomware is far from a typical ransomware infection, but, of course, it does not mean that you can keep it installed on your computer. As research has shown, the ransomware infection does not drop any additional files, so we are sure you will find a way to delete it from the system yourself.
Proticc Ransomware does not work properly, i.e. it does not encrypt files and anyone can unlock them without the special decryptor, so it is very likely that it is not distributed actively as well. Of course, it does not mean that it cannot become a prevalent threat in the near future. You should know how ransomware infections are usually distributed so that you could prevent them from entering your system. Specialists say that harmful malware usually ends up on users’ PCs because they open malicious attachments from emails or download software that turns out to be malware later on from P2P websites. Do not make mistakes thousands of users make – download software from reliable websites only and do not open any attachments you know nothing about even if they look legitimate.
You do not need to be an expert to eliminate Proticc Ransomware from your computer because we have prepared the manual removal guide that will help you to get rid of this threat in the blink of an eye. You just need to close a window with a ransom note by killing the malicious process and then delete all suspicious files downloaded recently in order to eliminate the malware launcher. If you are looking for a quicker malware removal method, perform a full system scan with an antimalware scanner.