Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • Cant change my homepage
  • Normal system programs crash immediatelly
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

ProLock Ransomware

ProLock Ransomware is an infection that is most likely to try to invade Windows operating systems on corporate networks. It appears that the attackers are interested in big fish rather than individual users. Nonetheless, no one is off limits for this kind of malware, and if you have not yet faced this file-encryptor, we suggest that you take appropriate security measures as soon as possible. If you already need to delete this malware from your operating system or network, there are a few steps that you need to take. If you are considering taking the steps introduced by cybercriminals, we suggest that you stop and read this report first. Only once you have all the information about this infection should you decide on what you want to do. If you are already sure that all you want to do is remove ProLock Ransomware, scroll down to the last section of this report to learn about available options and also find a manual removal guide.

According to our research team, ProLock Ransomware is the new variant of PwndLocker Ransomware, which is why our anti-malware tool detects it as PwndLocker.A Ransomware. The predecessor infection was not strong enough, and victims could decrypt the files corrupted by it themselves using an existing flaw. Unfortunately, the new variant has been fixed up, and now the encrypted files cannot be recovered. Speaking of encryption, this malicious threat does not encrypt files with the following extensions only: .bac, .bak, .bat, .bkf, .chm, .cmd, .dll, .dsk, .hlf, .ico, .inf, .ini, .lng, .lnk, .msi, .set, .sys, .ttf, .vhd, .wbc, .win, .exe. Everything else can be encrypted with a complex encryption algorithm. Besides that, the threat also deletes shadow volume copies, and so if you are thinking about using the system restore point, we have bad news for you. On the other hand, if you have backups of all personal files stored online (cloud storage) or externally (external hard drives), once you delete ProLock Ransomware, you will be able to use the existing backups to replace the corrupted files. If you do not have this option, you are in an unfavorable position.

After ProLock Ransomware slithers in – which it is likely to do using RDP vulnerabilities – and drops itself to the %ALLUSERSPROFILE% directory, it encrypts files and deletes shadow volumes immediately. After this, a file named “[HOW TO RECOVER FILES].TXT” is dropped to every folder that contains the encrypted files, which you should be able to identify by the “.proLock” extension appended to their names. The message inside the .TXT file suggests that you need a “special decryption tool” to restore the files, and to obtain this tool, you need to pay a ransom in Bitcoin. Victims are instructed to download the anonymous Tor Browser, visit a special page, and use the provided ID number to log in. This is where missing details regarding the payment (i.e., the sum and the Bitcoin wallet address) are revealed. The attackers also suggest emailing to obtain payment-related information. Of course, we do not recommend contacting the attackers. We also do not recommend paying the ransom because we do not believe that you would get a decryptor in return for your money.

If you can follow the instructions below, you should be able to delete ProLock Ransomware manually. However, is that the best option? Since you also have the big issue of Windows protection, we believe it is much better for you to install trusted anti-malware software to clean and also secure your operating system. The software will automatically remove ProLock Ransomware, and you will not need to worry about facing new infections. Obviously, if your computer is part of a larger network, you need to warn others about the infection, and you might also need to contact the IT support team of the network to alert them about a security breach. After malware is removed and your system is cleaned, hopefully, you can replace the corrupted files with backups. In the future, always create backups if you do not want to lose your personal files, and only rely on legitimate cloud storage systems or trusted external drives to save the copies. At the end of the day, it is always better to be safe than sorry.

ProLock Ransomware Removal

  1. Launch File Explorer by tapping Win+E keys together.
  2. Enter %ALLUSERSPROFILE% into the quick access field at the top to access the directory.
  3. Right-click and Delete these files:
    • clean.bat
    • run.bat
    • WinMgr.bmp
    • WinMgr.xml
  4. Then right-click and Delete every single copy of [HOW TO RECOVER FILES].TXT.
  5. Empty Recycle Bin and scan your system for leftovers with the help of a trusted malware scanner.
Download Spyware Removal Tool to Remove* ProLock Ransomware
  • Quick & tested solution for ProLock Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.