The Prometheus ransomware is written in .NET (C#) and encrypts files via Chacha20 or AES-256. The file encryption key is encrypted with RSA-2048 and stored at the end of the file. Some variants of the ransomware can be decrypted for free.

Infected systems will see a ransom note file dropped onto the desktop with one of these names:

HOW_TO_DECYPHER_FILES.txt
UNLOCK_FILES_INFO.txt
Инструкция.txt

Below, you will see an example of a ransom note:



Encrypted files can be recognized by one of these file extensions:

[cmd_bad@keemail.me].VIPxxx
[cmd_bad@keemail.me].crypt
[cmd_bad@keemail.me].CRYSTAL
[KingKong2@tuta.io].crypt
reofgv
y9sx7x
[black_privat@tuta.io].CRYSTAL
BRINKS_PWNED
9ten0p
uo8bpy
iml
locked
unlock
secure[milleni5000@qq.com]
secure
61gutq
hard

Similar:
Which Anti-Malware App Is Best and Can It Run Alongside My Antivirus
How to Tell the Difference Between a Virus and a False Positive
How to Manage Windows Defender Antivirus Found Threats
What to Do When Your Norton or McAfee Antivirus Expire

  Download