PTP Ransomware: An Overview
PTP Ransomware is a generic variant of the Hidden Tear ransomware project, whose source code was uploaded as open source. This ransom virus was detected recently, on 8th Aug 2018, and is still in the development phase, so not much was known about it at the time of writing. However, it is evident and can be concluded that it was designed by hackers from South Korea. The team behind it has uploaded samples of PTP Ransomware to servers based in South Korea. As a precautionary measure, users are advised not to open any archive files that appear suspicious, because the hackers are using password-protected archive files to deliver PTP Ransomware to the compromised PC. Users are also warned not to install any Java-related updates, to avoid a possible PTP Ransomware attack on their system.
Strategy Hackers Will Use for PTP Ransomware
As reported by researchers, this malware is designed to encipher and encode files such as text, images, audio files, MP3s, PDFs, eBooks, spreadsheets, doc files and even presentations. PTP Ransomware can therefore attack all of an organization's important files and documents and put them at serious risk. It renames the files and holds them hostage by appending the string .PTPRansomware to the end of the file extension. The ransom note dropped on the compromised PC is named READ_IT.TXT. Its text is written in both English and Korean, which clearly indicates that the hackers intend to target users in these regions and make them easy victims for ransom payment.
The ransom note reads:
Made by KimApple,
You have been infected with PTP Ransomware
The file was sucked into construction
PTP Ransomware will come back
The computer has become a fool
Discord : KimApple#1159
What is more, the English version of the ransom note was produced with an automatic translation service such as Google Translate. The final form of PTP Ransomware is not yet complete; it is still in the development phase, as mentioned at the start of this post. Let's hope that the hackers drop the idea of developing this ransomware now that it is in the news; they might abandon the project altogether. However, users are advised to follow safety measures such as creating and updating backups regularly. They should avoid visiting porn sites or clicking on suspicious emails and attachments sent from unknown networks or senders, and should scan their PC regularly. They should also follow the guide given below if and when their PC is infected with PTP Ransomware in the future.
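The indicators described above (the appended .PTPRansomware string and the READ_IT.TXT note) can be checked for on disk. The following is an added example, not code from the original article or from the malware; it assumes the string is appended after the original file name, and because the article does not state the note's encoding it matches the phrase "PTP Ransomware" as both ASCII-compatible and UTF-16-LE bytes.

```python
import os
import sys

SUFFIX = ".ptpransomware"        # appended string from the article, lower-cased
NOTE_NAME = "read_it.txt"        # ransom note name from the article, lower-cased
MARKER = "ptp ransomware"        # phrase from the quoted note text, lower-cased
# Assumption: the note's on-disk encoding is unknown, so try two byte forms.
MARKER_FORMS = (MARKER.encode("ascii"), MARKER.encode("utf-16-le"))


def note_matches(path, limit=65536):
    """True if the file's first `limit` bytes contain the marker phrase."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(limit).lower()   # bytes.lower() folds ASCII letters only
    except OSError:
        return False                        # unreadable file: cannot confirm
    return any(form in head for form in MARKER_FORMS)


def scan_tree(root):
    """Return (renamed, notes) found under root.

    renamed: sorted (path, presumed original name) pairs for suffixed files.
    notes:   sorted paths of READ_IT.TXT files whose text contains the marker.
    """
    renamed, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(SUFFIX) and len(name) > len(SUFFIX):
                renamed.append((path, name[:-len(SUFFIX)]))
            elif lower == NOTE_NAME and note_matches(path):
                notes.append(path)          # name alone is too common to flag
    return sorted(renamed), sorted(notes)


if __name__ == "__main__":
    renamed, notes = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, original in renamed:
        print(f"renamed: {path} (was {original})")
    for path in notes:
        print(f"ransom note: {path}")
    sys.exit(1 if renamed or notes else 0)
```

The script only reads file names and the start of candidate notes, so it can be run against a mounted backup or disk image before anything is restored.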