Proticc Ransomware

There are at least two unique versions of Proticc Ransomware, and you can protect your operating system against both of them using simple security measures. The most important thing to do is to install anti-malware software to protect the operating system against successful malware attacks, as well as to set up an external/online file backup to ensure that copies of most important files are stored outside the computer. If backups exist, you don't need to deal with the loss of files even if malware finds its way in. Needless to say, the situation is different if backups are non-existent because, in that situation, you might find yourself in the mercy of cyber criminals. Ransomware is usually capable of encrypting files and then demanding huge ransom payments in return for decryption tools. The same goes for the malware we are discussing in this report. Although the tested versions of this malware did not encrypt data successfully, the potential is there. Hopefully, if you need to remove Proticc Ransomware, you are dealing with a dysfunctional version of this malware. If your files are actually encrypted, you will not save them even by deleting the ransomware.

Proticc Ransomware was created by an unknown cyber criminal who used the well-known Hidden Tear open source code. It has been used by the creators of AndreaGalli Ransomware, Cyberresearcher Ransomware, and many other infections. Since most of these threats are built by amateurs and inexperienced criminals, they rarely work and are rarely distributed successfully. Unsurprisingly, Proticc Ransomware does not work that well either. At least, it did not work at the time of research. As mentioned earlier, two different versions of this malicious infection were found, and while they both function in the same manner, the ransom notes associated with them are unique. When the malicious threat enters the system using a malicious installer or a misleading spam email attachment, it is meant to encrypt files; however, at the time of research, it could not do that. Instead, it attached the “.lol” extension to the names of the files it, allegedly, affected. Although the ransom note represented via the infection’s window suggested that the files were encrypted, in fact, they could be fully restored by removing the added extension. Unfortunately, there is a possibility that the threat could be upgraded, in which case, it might not be enough to remove the extension.

Our researchers have analyzed the two different versions of Proticc Ransomware, and the only difference between them is found in the ransom note. In the first version, the user should be able to use the “Show encrypted files” feature to view the corrupted files. It is also suggested that files were corrupted using the RSA-2048 key and that a special “private” key is required for decryption. No information about how the victim would have to obtain this key is presented. The second version of the Proticc Ransomware ransom note informs that the victim has one hour to decrypt files before they are allegedly deleted, and a timer is presented alongside the message. This version does not explain how to obtain the key either. Clearly, this malware has not been fully developed yet. It is also possible that it was created as a test. Anyhow, if the infection was upgraded, it would, most likely, instruct the victim to pay a ransom, and doing that is not recommended. That is because cyber criminals cannot be trusted. Instead, we suggest focusing on the removal of the infection.

Since the malicious Proticc Ransomware does not appear to be fully completed, there is no specific removal guide that you could use. Nonetheless, you can use the guide below to terminate the window of the infection. It also reveals the most common file download locations, where you might find the launcher of the devious ransomware as well. Of course, our research team recommends installing anti-malware software without further hesitation. If it exists, you will have Proticc Ransomware deleted automatically. The software will also eliminate other threats that might exist, and it will reinforce Windows protection to ensure that malicious file-encryptors cannot invade your operating system in the future.

Proticc Ransomware Removal

1. Tap keys Ctrl+Alt+Delete and click Start Task Manager.
2. In the Processes tab right-click the malicious {unknown name} process and select Open file location. It might be located in these directories:
   • %USERPROFILE%\Desktop
   • %USERPROFILE%\Downloads
   • %TEMP%
3. Terminate the malicious process and then Delete the malicious .exe file.
4. Empty Recycle Bin and then perform a full system scan. You want to make sure that malicious leftovers do not exist.