Wednesday 7 August 2019

What is Prandel Virus?

Prandel is a ransomware-type program that belongs to the Djvu ransomware family. This particular variant was discovered by Michael Gillespie. Typically, programs of this type prevent victims from accessing their data by encrypting it with strong encryption algorithms. Additionally, they create/display ransom notes that contain information on how to pay the ransom. In this case such information can be found in the text file named "_readme.txt". Copies of this file are placed in every folder that contains encrypted files. Prandel renames every encrypted file by appending the ".prandel" extension. For example, it renames "sample.jpg" to "sample.jpg.prandel", and so on.
As explained in the "_readme.txt" file, Prandel encrypts files (photos, databases, documents, etc.) with the strongest encryption algorithm. In order to decrypt them, it is necessary to purchase a decryption tool and unique key that cost $980. However, the cyber criminals who developed Prandel offer a 50% discount to victims who contact them within the first 72 hours after their computers were infected with this ransomware. Prandel developers can be reached via email (gorentos@bitmessage.ch or gorentos2@firemail.cc) or Telegram (@datarestore). They also offer free decryption of one file, which can be sent to them via one of the given emails or Telegram. However, even when cyber criminals actually have the tools that can decrypt the encrypted files, they often do not send them. For this reason we recommend not paying (or even contacting) the people who developed Prandel. Besides, there is an offline decryption tool that might be able to help recover files for free. However, it usually works only if the computer was not connected to the Internet (or the remote server used by the cyber criminals was not responding) while the ransomware was encrypting the files. Another way to recover files without having to buy any decryption tools from cyber criminals is to restore them from a backup, if one was created before the encryption.
Most programs of this type are designed to encrypt victims' files and make sure that they cannot be used unless a ransom is paid (a decryption tool and/or key is purchased). Typically, decryption without the ransomware developers' involvement is impossible, and victims are forced to pay the ransom (or lose their files). The most common differences between ransomware-type programs are the encryption algorithms (symmetric or asymmetric) that they use to lock files and the prices of the decryption tools/keys. As a rule, the only way to avoid data and financial loss is to restore files from previously created backups. For this reason we recommend always keeping data backed up, and keeping the backup on a remote server or an unplugged storage device. Other examples of programs that are similar to Prandel are Q1GKovasoh and Lotej.
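The two on-disk indicators described above (the appended ".prandel" extension and the "_readme.txt" note dropped into each affected folder) are enough to build a simple triage script for an incident responder who needs to know how far an infection spread and which original file names were affected. The following is an added example, not code from the original post or from any decryption tool; the directory layout it builds is constructed for the dry run and does not represent a real infection.

```python
import os
import tempfile
from dataclasses import dataclass, field

PRANDEL_EXT = ".prandel"      # extension appended to every encrypted file (from the post)
RANSOM_NOTE = "_readme.txt"   # note dropped into each folder holding encrypted files (from the post)


@dataclass
class Triage:
    encrypted: list = field(default_factory=list)     # full paths of renamed (encrypted) files
    notes: list = field(default_factory=list)         # full paths of ransom notes
    affected_dirs: set = field(default_factory=set)   # folders with at least one encrypted file


def original_name(path):
    """Recover the pre-encryption file name: 'sample.jpg.prandel' -> 'sample.jpg'."""
    name = os.path.basename(path)
    if name.endswith(PRANDEL_EXT):
        return name[: -len(PRANDEL_EXT)]
    return name


def classify_paths(paths):
    """Sort an iterable of file paths into encrypted files, ransom notes and affected folders."""
    t = Triage()
    for p in paths:
        name = os.path.basename(p)
        if name.endswith(PRANDEL_EXT):
            t.encrypted.append(p)
            t.affected_dirs.add(os.path.dirname(p))
        elif name == RANSOM_NOTE:
            t.notes.append(p)
    return t


def triage_tree(root):
    """Walk a directory tree and classify every file found in it."""
    def walk():
        for dirpath, _, filenames in os.walk(root):
            for f in filenames:
                yield os.path.join(dirpath, f)
    return classify_paths(walk())


def build_sample_tree():
    """Constructed sample tree (hypothetical, empty placeholder files) for a dry run."""
    root = tempfile.mkdtemp(prefix="prandel_triage_")
    docs = os.path.join(root, "Documents")
    pics = os.path.join(root, "Pictures")
    clean = os.path.join(root, "Music")
    for d in (docs, pics, clean):
        os.makedirs(d)
    for name in ("report.docx.prandel", "budget.xlsx.prandel", RANSOM_NOTE):
        open(os.path.join(docs, name), "w").close()
    for name in ("sample.jpg.prandel", RANSOM_NOTE):
        open(os.path.join(pics, name), "w").close()
    open(os.path.join(clean, "song.mp3"), "w").close()   # untouched file, must not be reported
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    result = triage_tree(root)
    print(f"{len(result.encrypted)} encrypted files in {len(result.affected_dirs)} folders, "
          f"{len(result.notes)} ransom notes")
    for p in sorted(result.encrypted):
        print(f"  {p}  (was: {original_name(p)})")
```

The script only inventories; it never opens, moves or deletes anything, so it is safe to run on a mounted image before deciding whether the offline decryptor or a backup restore is the right recovery path. Run it against a real tree with `triage_tree("/path/to/mounted/volume")`.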

How did ransomware infect my computer?

It is unknown how cyber criminals spread Prandel; however, malicious programs of this kind are usually distributed via spam campaigns, trojans, fake software updaters, various unreliable software (or file) download sources and unofficial activation ('cracking') tools. Very often ransomware and other malware developers send emails that contain malicious attachments, or web links that lead to them. The main point is to trick recipients into opening them by disguising the email as important. Examples of files that they usually attach are Microsoft Office and PDF documents, archive files (like RAR, ZIP), executable files (like .exe), JavaScript and other files. Once opened (and/or executed), these malicious files infect computers with ransomware or other high-risk malware. Trojans are programs that can be used to spread malicious software too. When installed, they cause chain infections; in other words, they download and install malware. Fake (unofficial) software updaters infect systems either by downloading and installing malware instead of the promised updates and fixes, or by exploiting bugs and flaws in outdated software. Unreliable download sources such as P2P (Peer-to-Peer) networks, free file hosting websites, freeware download pages, unofficial sites and other sources often contain malicious files. Cyber criminals disguise them as harmless executables or other files that, if downloaded and opened, lead to installations of unwanted, malicious programs. Unofficial tools that are supposed to activate installed software for free often cause installations of malware too. These tools are also known as 'cracking' tools; people use them to bypass paid activation.
