Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

PTP Ransomware

The ransom note introduced to the victims of PTP Ransomware is presented in Korean, which is why it is believed that the infection was either created in Korea, or is targeted at users who live in this country. In the past, we have observed other threats with this specific target, including KoreanLocker Ransomware and Korean AdamLocker Ransomware. The first one was even created using the same open-source code (Hidden Tear) as the one used for the creation of the PTP malware. Our research team has analyzed the threat, and it is unlikely that it is fully functional at this point. If we are lucky, it will not become a serious threat in the future. That being said, we need to be ready, and we need to prepare potential victims. If you are yet to face this or any other ransomware, quickly back up ALL personal files and install a legitimate security tool. If your operating system and personal files were attacked already, there are certain things you need to do as soon as possible. It is most important, of course, that you remove PTP Ransomware.

Do you receive lots of spam and strange emails? Even if you do not, one single corrupted email could change the story. It is believed that PTP Ransomware would spread primarily via email if it was active. How does that work? The attacker obtains your email address – which could be recorded with the help of phishing and social engineering scams, or obtained during a data leak – and then sends you a believable message. It could appear to be sent by a familiar package delivery company, and airline, or even your bank. If the message is believable, you could be tricked into opening an email attachment that, in reality, is the launcher of PTP Ransomware. Of course, we suggest deleting spam emails. Once executed, this malware should connect to a remote server to obtain a decryption key, but, at this point in time, a fake one is used, which indicates that it does not work yet. Maybe it is still in development, and maybe hundreds or thousands of Windows users will have to delete it from their operating systems in the future. That is still pretty much up in the air.

After successful invasion, PTP Ransomware should go on to encrypt files, and our malware experts have found out that the threat is set to encrypt at least 859 unique types of files, including those with .doc, .ppt, .pdf, .java, .jpg, .mp3, and other extensions. Speaking of extensions, after encryption, the threat should add its own extension (“.PTPRansomware”) to all filenames. The final act should be the creation of the “READ_IT.txt” file, and it is most likely to be created on the Desktop. The current version of the message inside the file is available in both Korean and English, and it informs that the system was infected. No details are available, and it is not even clear that files are encrypted. That is something the user, apparently, has to figure out on their own. In most cases, of course, ransomware threats request ransom payments in return for alleged file decryptors. If PTP Ransomware was ever upgraded, it is likely to request the same thing too. Paying a ransom is NOT something anyone should do because all promises are empty and are only meant to trick gullible users into giving up their savings.

PTP Ransomware does not really spread or exist in the real world, and there is a good chance that it will shift and change in the future. This is why the removal guide below is quite vague. Nonetheless, it might help you catch and delete PTP Ransomware manually. Of course, if we learn about any specific components or elements that require removal, this guide will be upgraded. Since manual removal is kind of uncertain, implementing anti-malware software is the better idea. It can detect and erase all malicious components automatically, which means that you do not need to do anything to clean your operating system. This can be especially helpful if other threats exist. The most helpful thing, however, is if you have your files backed up. If you do not, regaining access to encrypted data might be impossible. This is why backing up data is the most important thing to do, along with the installation of reliable anti-malware software.

PTP Ransomware Removal

  1. Tap Ctrl+Alt+Delete.
  2. Select Start Task Manager.
  3. Identify the {unknown name} process of the ransomware and right-click it.
  4. Select Open file location to access the {unknown name}.exe ransomware file.
  5. Select the process and click End process, and then right-click the file and select Delete.
  6. Delete the ransom note file called READ_IT.txt.
  7. As soon as you Empty Recycle Bin, run a full system scan using a legitimate malware scanner.
Download Spyware Removal Tool to Remove* PTP Ransomware
  • Quick & tested solution for PTP Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.