PTP Ransomware

What is PTP Ransomware?

If you live in Korea, PTP Ransomware is an infection you need to put on your radar. At the time of analysis, our research team determined that the infection was not fully developed or was buggy, which indicates that it is not a real danger yet. That being said, a new, more powerful version could be released at any point, and you might already be dealing with a fully functional version of this malware by the time you are reading this report. The information gathered by our malware researchers helped us to determine that the infection was created to encrypt files, but it is not yet clear whether or not it would ever be spreading in the wild. If this is confirmed, the report will be updated to provide you with the latest information. For now, let’s discuss the potential of the threat and its removal. If you are interested in learning how to delete PTP Ransomware manually or with the help of software, this is the article for you.

How does PTP Ransomware work?

Hidden Tear is well-known open-source code that was publicly released and is available to anyone interested. PTP Ransomware was built using this code, along with hundreds of other threats, such as Proticc Ransomware, AndreaGalli Ransomware, Crybrazil Ransomware, and Horros Ransomware. In most cases, these infections are weaker than the more infamous file-encryptors, and they often fail to perform even the most basic attacks. That is because amateurs are using Hidden Tear. That being said, from time to time, a more serious threat emerges from this family, and so we need to be cautious. According to our research team, if the suspicious PTP Ransomware emerges as a strong threat, it could do serious damage because it can affect over 800 different types of files. That pretty much means that if a personal file is stored on the affected computer, it is bound to be encrypted. During encryption, the threat should use a complicated encryption key, and then the “.PTPRansomware” extension should be added to the names of corrupted files. If files are encrypted, you cannot restore them by removing the extension or by deleting the ransomware itself.

The sample tested in our internal lab crashed and did not encrypt any files, but it did create a ransom note file called “READ_IT.txt.” The strange thing about this file is that it does not represent a comprehensive message. Normally, ransom notes are used to demand ransom payments and push users into believing that only the creators of ransomware can help. In this case, the message represented by PTP Ransomware simply informs that the system was infected. The message is delivered in English and Korean, which is why it is believed that Korean users need to be most cautious about this malware. Our research team has also found that the infection created an encryption password made up of 15 letters P and T (e.g., TPPTPTTPPPTTPP). It is unclear what this password would be used for, or if it would be used at all. The tested sample of PTP Ransomware did not work that well, and so it is likely that users would face a different version. All in all, regardless of the version, it must be deleted from the Windows operating system immediately, and users can take the more complicated route, or they can remove the infection in just a few steps.

How to delete PTP Ransomware

PTP Ransomware is a piece of malware that you need to eliminate from your operating system as soon as possible. Hopefully, if you find that you need to delete it, your files have not been encrypted. If they have, your best chance is to look into third-party free file decryptors, but it is highly unlikely that a tool capable of deciphering the encryptor used by this ransomware exists. Obviously, the decryption of files should not bother you at all if your files are backed up. Backing files up is extremely important, and if you do it, you do not need to dread the invasion of malware, technical issues, or even the loss or theft of the device. Your files are safe, and you can access them even if original files are lost, removed, or corrupted. When it comes to the removal of PTP Ransomware, either follow the guide below if you are equipped to erase the threat yourself, or install a reliable anti-malware program to take care of the infection automatically.

Removal Instructions

  1. Find the {unknown name}.exe file that launched the infection, right-click it, and select Delete. This file could be placed on the Desktop or in %USERPROFILE%\Downloads and %TEMP% directories.
  2. Right-click and Delete the ransom note file, READ_IT.txt (could be on the Desktop).
  3. Empty Recycle Bin and then install a malware scanner to perform a full system scan and check for leftovers.
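
Because the launcher's file name is unknown, it helps to list what is actually on disk before deleting anything. The following read-only PowerShell triage script is an added example, not part of the original report: it looks for the READ_IT.txt note, files carrying the .PTPRansomware extension, and executables in the three locations named in step 1. The `$SearchRoot` parameter, the `NearNote` column and the 24-hour window are assumptions made for this example.

```powershell
# Read-only triage for the indicators named in this article; nothing is deleted.
# Assumptions of this example (not from the analysis): the $SearchRoot default
# and the 24-hour window before the ransom note's creation time.
param([string]$SearchRoot = $env:USERPROFILE)

$desktop   = [Environment]::GetFolderPath('Desktop')
$downloads = Join-Path $env:USERPROFILE 'Downloads'
$dropDirs  = @($desktop, $downloads, $env:TEMP) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# 1. Ransom note: READ_IT.txt (expected on the Desktop, searched under $SearchRoot).
$notes = @(Get-ChildItem -LiteralPath $SearchRoot -Filter 'READ_IT.txt' `
    -File -Recurse -Force -ErrorAction SilentlyContinue)
$earliestNote = $notes | Sort-Object CreationTime | Select-Object -First 1

# 2. Files renamed with the extension the article describes.
$encrypted = @(Get-ChildItem -LiteralPath $SearchRoot -Filter '*.PTPRansomware' `
    -File -Recurse -Force -ErrorAction SilentlyContinue)

# 3. Executables in Desktop, Downloads and %TEMP%. An unsigned file created
#    shortly before the note appeared is the first candidate to inspect.
$candidates = @()
if ($dropDirs) {
    $candidates = Get-ChildItem -LiteralPath $dropDirs -Filter '*.exe' `
        -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $near = [bool]($earliestNote -and
                $_.CreationTime -le $earliestNote.CreationTime -and
                $_.CreationTime -ge $earliestNote.CreationTime.AddHours(-24))
            [pscustomobject]@{
                NearNote  = $near
                Created   = $_.CreationTime
                Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Path      = $_.FullName
            }
        }
}

"Ransom notes found: $($notes.Count)"
$notes | Select-Object FullName, CreationTime | Format-Table -AutoSize

"Files with .PTPRansomware extension: $($encrypted.Count)"
$encrypted | Select-Object -First 20 -ExpandProperty FullName

"Executables in Desktop, Downloads and TEMP (NearNote = created within 24h before the note):"
$candidates | Sort-Object NearNote, Created -Descending | Format-List
```

The SHA256 values can be checked against a malware scanner or reputation service before you delete a candidate file by hand.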
