Promorad2 is a cryptovirus and ransomware. A variant of DJVU ransomware (we have an article about DJVU here).
In short, Promorad2 is another variant of DJVU — an encryption virus that, once it has infected your computer, will scramble the data and make your most important files unusable. Promorad2 encrypts most common files and asks for money transfers in exchange for restoring the files. Those who especially value their time and who are not ready for a cryptovirus attack are the most vulnerable to the damage that the loss of data can cause. They might be tempted to pay the ransom, though we advise against it.
Promorad2 spreads via unofficial software downloads and deceptive emails and exploits security vulnerabilities caused by out-of-date antivirus and absent-minded users.
How dangerous is Promorad2?
Promorad2 targets your ability to work:
If Promorad2 infected your computer, it can encrypt your most valuable files. Encrypted files become entirely unusable: they cannot be opened, recovered, and attempting to edit them can irrevocably corrupt them.
This it especially dangerous to small businesses. Promorad2, like other ransomware, target file types most likely to include important work, like .dic, .xls, .pdf. Having them all encrypted can disrupt or completely halt the productivity of a business. This is why some do cave in and pay exorbitant amounts of money just to be able to continue their work as soon as possible.
Ransomware extorts money
Most of all, the creators of Promorad2 want money. They seek to disrupt your productivity because they know how much people and businesses value their time. Thus, Promorad2 offers to decrypt your files for the expensive but ultimately attainable price of $980.
Even if you pay, there is no guarantee that your files will be restored
According to Cyberedge, only three in five people who pay the ransom for decryption of their files actually get their files back. Some cybercriminals just want money and are not willing to put in the effort to return your files once they got your money. And, because they use cryptocurrency, you cannot appeal to get your money back: The transactions are irreversible.
How does it spread?
Email attachments are one way that ransomware like Promorad2 spreads. The emails can be made to look like they are from a well-known company, social media site, or service. They might be made to look urgent and intriguing to encourage the user to check it out. But even a familiar looking attachment or link might carry a virus. Watch out for misspelled links to popular websites, reminders that you did not expect, parcels that you did not order.
Another way for ransomware to spread is unofficial software downloads. Software cracks, pirated programs, “free” versions of expensive programs can be bundled with a trojan virus; in fact, a crack for MS Office is known to have spread some variants of DJVU.
How does Promorad2 work?
Promorad2, like other cryptoviruses, encrypt computer files by using an algorithm to turn them into seemingly random data. Once encrypted, the files become completely unusable. This data can be unscrambled if you had your private key. However, it is held by the creators of Promorad2 and is inaccessible to normal users. You could try to guess your key, but the chances of guessing it right are astronomically low. This is why the encrypted files are often considered to be lost.
Once it has encrypted your files, Promorad2 leaves a message:
—————- ALL YOUR FILES ARE ENCRYPTED —————-
Don’t worry, you can return all your files!All your files documents, photos, databases and other important are encrypted with strongest encryption and unique key.The only method of recovering files is to purchase decrypt tool and unique key for you.This software will decrypt all your encrypted files.What guarantees you have?You can send one of your encrypted file from your PC and we decrypt it for free.But we can decrypt only 1 file for free. File must not contain valuable information.You can get and look video overview decrypt tool:https://we.tl/t-wlvjUfRfvMPrice of private key and decrypt software is $980.Discount 50% available if you contact us first 72 hours, that’s price for you is $490.Please note that you’ll never restore your data without payment.Check your e-mail “Spam” folder if you don’t get answer more than 6 hours.—————————————————————–
To get this software you need write on our e-mail:
Reserve e-mail address to contact us:
How to solve this?
Wait for a decryption tool:
If you do not have a backup of your files, it might still be worth to save the encrypted files. It is possible that at some point in the future a decryption tool will be created, or the private keys will be released.
A decryption tool is available if your files were encrypted using a certain key while your computer was offline (here’s a direct download link: Click here).
Remove the virus
The surest way to prevent the virus from doing any more damage (such as spying on you by recording your keyboard presses, blocking websites, editing your security settings) is to scan all your files with a trusted and up-to-date antivirus program. A professional and reputable programs, something like Spyhunter, or Malwarebytes. Some antivirus tools are free, others are paid, but it’s important to remove Promorad2 completely from your PC so that it does not cause any more problems than it already has. Specifically, keyloggers can steal your passwords and banking information, and other spyware.
It is possible that Promorad2 has edited your settings and is preventing you from accessing some websites. You can fix that by checking and editing your hosts’ file (we have instructions in this article.
How to avoid this in the future?
Keep your antivirus up-to-date:
It is immensely important to update antivirus and antimalware programs as frequently as they need it. New viruses are created and spread quickly — for example, the WannaCry virus spread through multiple businesses and hospitals all over Europe in only two days —, and, if the antivirus software does not have the newest descriptions, it might fail to recognize and stop malware from infecting your computer.
Regularly back up your files:
Back up all your important files and programs regularly. Keep the storage offline, or in the cloud — that way, whatever virus infects your PC, will not spread to the backup. Any backups stored on your main PC are as vulnerable to cryptoviruses as your regular files.
Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,