The ProLock ransomware doesn’t tell you one important thing about decrypting your files



If you’re unfortunate enough to find your Windows computer has been infected by the ProLock ransomware, you’ll find the recovery instructions from the criminals who compromised your PC tell you to do the normal things if you want to regain access to your encrypted files:


- Download and install the Tor browser
- Visit the ProLock website using Tor, and enter your unique ID
- Read how much it’s going to cost you for a decryption key, and pay the required ransom in cryptocurrency into a wallet under the criminals’ control



ProLock ransomware payment website. Source: Bleeping Computer.

In some cases you may find yourself on the wrong end of a bill totalling hundreds of thousands of dollars to get your files back after they have been ravaged by the ransomware, which is thought to gain access to networks via the Qakbot Trojan horse.


What the hackers don’t tell you – let’s be generous, perhaps because they’re not aware themselves – is that there’s a bug within ProLock’s decryption code.


And, according to a “Flash” alert distributed by the FBI to companies earlier this month, ProLock’s decryptor can actually corrupt files as it tries to decrypt them:



The decryption key or “decryptor” provided by the attackers upon paying the ransom has not routinely executed correctly. The decryptor can potentially corrupt files that are larger than 64MB and may result in file integrity loss of approximately 1 byte per 1KB over 100MB. Added coding may be necessary for the decryptor to function.



Well, that’s upsetting. You’ve spent all your money to get your files back and the ..
