ProLock Ransomware Removal Guide

Do you know what ProLock Ransomware is?

ProLock Ransomware is a file-encrypting threat targeted at companies and not regular home users. Unfortunately, many people must work from home and use Remote Desktop Protocol connections because of the COVID-19 outbreak. Thus, we would not be surprised if this malicious application ended up on home computers that are currently used for remote working. In any case, whether you came across this malware or just want to learn how to protect your computer from it, we encourage you to read our full report. We also offer a removal guide, available below, that explains how you could delete ProLock Ransomware manually. Of course, such a task could be challenging, and if you find it too difficult, we recommend using a legitimate antimalware tool instead.

As mentioned earlier, ProLock Ransomware is targeted at computers that could belong to various organizations. Usually, such threats are distributed through unsecured Remote Desktop Protocol connections. The mentioned unsecured connections can provide hackers access to targeted machines and make it possible to implant the ransomware.

Thus, if you have to use Remote Desktop Protocol connections for work or personal use, we recommend making sure that they are secured. This means you should set up a strong password and take advantage of other available security precautions, like two-factor authentication, that could prevent unauthorized access. Besides, cybersecurity specialists advise employing a trustworthy antimalware tool that comes from reputable developers to guard the computer. Also, since many ransomware applications travel with spam emails, it would be wise not to interact with doubtful files or links received via email.

If the malware is launched, it should settle in by creating some files in the %ALLUSERSPROFILE% directory. Soon after doing this, ProLock Ransomware should start encrypting various valuable files, which should be marked with the .proLock extension. Our researchers say that every directory containing encrypted files should get a text file called [HOW TO RECOVER FILES].txt. Inside this document, you should find detailed instructions explaining that users can get decryption tools to recover their files from the malware’s creators if they pay a ransom. The text note should also say that victims have one month to get their decryption tools or else they will no longer be available.

The reason we do not recommend putting up with any demands is that ProLock Ransomware’s creators might not hold up their end of the bargain. Thus, if you do not want to be scammed, we advise concentrating on the threat’s removal. There are two ways to erase ProLock Ransomware. The first one is to delete all data belonging to it manually. If you need any guidance to complete this task, you can follow our removal guide, which explains how to find and erase data associated with the malicious application. If you do not want to deal with the malware manually, you should scan your system with a reputable antimalware tool and let it delete ProLock Ransomware for you.

Delete ProLock Ransomware

  1. Restart your computer in Safe Mode with Networking.
  2. Press Windows Key+E.
  3. Locate these directories:
    %USERPROFILE%\Desktop
    %USERPROFILE%\Downloads
    %TEMP%
  4. Find the malware’s launcher (suspicious recently downloaded file), right-click it, and select Delete.
  5. Find this directory: %ALLUSERSPROFILE%
  6. Locate the following files:
    WinMgr.xml
    WinMgr.bmp
    clean.bat
    run.bat
  7. Right-click the listed files (WinMgr.xml, WinMgr.bmp, clean.bat, and run.bat) one by one and press Delete to erase them.
  8. Find files called [HOW TO RECOVER FILES].TXT, right-click them, and select Delete.
  9. Close File Explorer.
  10. Empty Recycle Bin.
  11. Restart your computer.
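
The files named in the steps above can also be located with a read-only scan before anything is deleted, which leaves a record of what was found and where. The Python script below is an added example and not part of the original guide; the function name scan, the report layout, and the default paths used when it is run directly are assumptions.

```python
import os
from pathlib import Path

# Indicators taken from the removal steps above (matched case-insensitively).
DROPPED_FILES = {"winmgr.xml", "winmgr.bmp", "clean.bat", "run.bat"}
RANSOM_NOTE = "[how to recover files].txt"
ENCRYPTED_EXT = ".prolock"


def scan(drop_dir, data_roots):
    """Return a report of ProLock artifacts; nothing is deleted or modified."""
    report = {"dropped": [], "notes": [], "encrypted": [], "unreadable": []}

    # Steps 5-6: the dropped files sit directly in %ALLUSERSPROFILE%.
    drop_dir = Path(drop_dir)
    try:
        for entry in drop_dir.iterdir():
            if entry.is_file() and entry.name.lower() in DROPPED_FILES:
                report["dropped"].append(entry)
    except OSError:
        report["unreadable"].append(str(drop_dir))

    # Directories that cannot be listed are recorded instead of silently skipped.
    def on_error(err):
        report["unreadable"].append(str(err.filename))

    # Step 8: ransom notes appear in every directory holding encrypted files.
    for root in data_roots:
        for dirpath, _dirs, files in os.walk(root, onerror=on_error):
            for name in files:
                lowered = name.lower()
                if lowered == RANSOM_NOTE:
                    report["notes"].append(Path(dirpath, name))
                elif lowered.endswith(ENCRYPTED_EXT):
                    report["encrypted"].append(Path(dirpath, name))
    return report


if __name__ == "__main__":
    # Assumption: default Windows locations are used when the variables are unset.
    drop = os.environ.get("ALLUSERSPROFILE", r"C:\ProgramData")
    home = os.environ.get("USERPROFILE", str(Path.home()))
    for kind, paths in scan(drop, [home]).items():
        print(f"{kind}: {len(paths)}")
        for p in paths[:20]:
            print("   ", p)
```

A non-empty "unreadable" list means the scan was incomplete for those directories, so they should be rechecked from an account with sufficient rights.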

In non-techie terms:

ProLock Ransomware is a malicious application that encrypts files located on the systems that it enters. Since the malware leaves executable files and some other specific types of files alone, our researchers say that it should not encrypt program data or files belonging to Windows. As for documents, pictures, and similar data, they should get locked with a robust encryption algorithm. Plus, the threat ought to mark each encrypted file with the .proLock extension. Afterward, the malicious application should drop ransom notes that ask victims to pay a ransom to get decryption tools. Even though paying might be the only way to restore files, we do not recommend putting up with any demands if you do not want to risk losing your money. After all, you cannot be certain that the hackers will keep their promises. What we recommend is erasing ProLock Ransomware with a reliable antimalware tool or the removal guide available above because leaving it on a system could be dangerous.
