Avast Decryption Tool for Prometheus decrypts files held by the Prometheus ransomware strain.
The Prometheus ransomware is written in .NET (C#) and encrypts files with ChaCha20 or AES-256. The file encryption key is encrypted with RSA-2048 and stored at the end of the file. Some variants of the ransomware can be decrypted for free.
On infected systems, a ransom note file is dropped onto the desktop under one of these names:
HOW_TO_DECYPHER_FILES.txt
UNLOCK_FILES_INFO.txt
Инструкция.txt
Below, you will see an example of a ransom note:
Encrypted files can be recognized by one of these file extensions:
[cmd_bad@keemail.me].VIPxxx
[cmd_bad@keemail.me].crypt
[cmd_bad@keemail.me].CRYSTAL
[KingKong2@tuta.io].crypt
reofgv
y9sx7x
[black_privat@tuta.io].CRYSTAL
BRINKS_PWNED
9ten0p
uo8bpy
iml
locked
unlock
secure[milleni5000@qq.com]
secure
61gutq
hard
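Added example, not part of the original page or of Avast's tool: a triage script that walks a directory and buckets files by the ransom note names and extensions listed above. It assumes the extension is appended after a dot and compared case-insensitively; the split into specific and generic extensions is this example's own heuristic, and the sample file names are constructed.

```python
import os
import tempfile

# Ransom note names and extensions exactly as listed on this page.
NOTE_NAMES = {"HOW_TO_DECYPHER_FILES.txt", "UNLOCK_FILES_INFO.txt", "Инструкция.txt"}
EXTENSIONS = [
    "[cmd_bad@keemail.me].VIPxxx", "[cmd_bad@keemail.me].crypt",
    "[cmd_bad@keemail.me].CRYSTAL", "[KingKong2@tuta.io].crypt",
    "[black_privat@tuta.io].CRYSTAL", "secure[milleni5000@qq.com]",
    "reofgv", "y9sx7x", "BRINKS_PWNED", "9ten0p", "uo8bpy", "61gutq",
    "iml", "locked", "unlock", "secure", "hard",
]
# Assumption of this example: these short words also occur as benign
# extensions (".iml" is an IDE project file), so they are only weak evidence.
GENERIC = {"iml", "locked", "unlock", "secure", "hard"}

def classify(filename):
    """Return (kind, matched): kind is 'note', 'strong', 'weak' or None."""
    lowered = filename.casefold()
    if lowered in {n.casefold() for n in NOTE_NAMES}:
        return "note", filename
    for ext in EXTENSIONS:
        if lowered.endswith("." + ext.casefold()):
            return ("weak" if ext in GENERIC else "strong"), ext
    return None, None

def triage(root):
    """Walk root and bucket every matching path by strength of evidence."""
    keys = {"note": "notes", "strong": "likely_encrypted", "weak": "needs_review"}
    out = {v: [] for v in keys.values()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind, _ext = classify(name)
            if kind:
                out[keys[kind]].append(os.path.join(dirpath, name))
    return out

def demo():
    """Run triage over a constructed sample tree (file names are made up)."""
    names = ["UNLOCK_FILES_INFO.txt", "budget.xlsx.[cmd_bad@keemail.me].VIPxxx",
             "photo.jpg.9ten0p", "notes.docx.locked", "project.iml", "readme.txt"]
    with tempfile.TemporaryDirectory() as root:
        for name in names:
            open(os.path.join(root, name), "w").close()
        return {k: sorted(os.path.basename(p) for p in v)
                for k, v in triage(root).items()}

if __name__ == "__main__":
    print(demo())
```

Files in the needs_review bucket match only a generic extension and should be checked by hand before being handed to a decryptor.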