What is the Proxima Ransomware Threat?

Proxima is a ransomware program that encrypts data and appends a ".proxima" extension to the names of the files it encrypts.

After Proxima is deployed on a victim system, it drops a ransom-demanding message – "Proxima_Readme.txt" – onto the desktop. This message informs victims that their files have been encrypted and stolen, and they must pay a ransom to decrypt them and avoid having them leaked to hacker forums and blogs. The attackers urge victims to contact them and send an encrypted file for free decryption testing, but warn against renaming or modifying the affected files or using third-party recovery tools as this could lead to permanent data loss.

Encrypted files receive the ".proxima" extension, meaning a file called "image.png" will turn into "image.png.proxima" upon encryption.
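The two indicators described above, the ".proxima" extension and the "Proxima_Readme.txt" note, can be used to scope which files on a host were affected. The following read-only triage script is an added example and is not part of the original article; the function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".proxima"      # extension named in this article
NOTE_NAME = "proxima_readme.txt"   # ransom note name from this article, lowercased

def scan_tree(root):
    """Walk root and collect Proxima indicators without modifying any file."""
    findings = {"encrypted": [], "notes": [], "errors": []}
    # os.walk reports unreadable directories via onerror; keep them for the report
    for dirpath, _dirs, files in os.walk(root, onerror=findings["errors"].append):
        for name in files:
            lowered = name.lower()
            full = os.path.join(dirpath, name)
            if lowered == NOTE_NAME:
                findings["notes"].append(full)
            elif lowered.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # "image.png.proxima" -> original name "image.png"
                original = name[: -len(ENCRYPTED_SUFFIX)]
                findings["encrypted"].append((full, original))
    return findings

def summarize(findings):
    """Count affected files per original file type to help scope the impact."""
    by_type = Counter(
        os.path.splitext(original)[1].lower() or "(none)"
        for _path, original in findings["encrypted"]
    )
    return {
        "encrypted_total": len(findings["encrypted"]),
        "notes_total": len(findings["notes"]),
        "by_original_type": dict(by_type),
    }

def build_sample_tree():
    """Constructed sample data: empty placeholder files in a temp directory."""
    root = tempfile.mkdtemp(prefix="proxima_demo_")
    for rel in ("Desktop/Proxima_Readme.txt", "Desktop/image.png.proxima",
                "Docs/report.docx.PROXIMA", "Docs/notes.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root

if __name__ == "__main__":
    print(summarize(scan_tree(build_sample_tree())))
```

Because the ransom note states that some files may be encrypted without being renamed, an extension scan gives a lower bound on the damage, not a complete list.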

The Proxima ransom note

The complete text of the ransom note generated by Proxima reads as follows:

Proxima Ransomware

What's happened?
ALL YOUR FILES ARE STOLEN AND ENCRYPTED.
To recovery your data and not to allow data leakage, it is possible only through purchase of a private key from us.

What guarantees?
Before paying you can send us a small-sized file (a non-important file), and we will decrypt it for free as guarantee.

How will the decryption process proceed after payment?
After payment, we will send you our decryption program + detailed instructions for use. With this program, you will be able to decrypt all your files.
If some files has encrypted but not renamed; these files will be restored after the decryption procedure is completed.

CONTACT US:
Please write an email to: mikel@onionmail.org and mikel@cyberfear.com
Write this ID in the title of your message: -

ATTENTION!
Do not rename or modify encrypted files.
Do not try to decrypt using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price(they add their fee to our).
We use hybrid encryption, no one can restore your files except us.
remember to hurry up, as your email address may not be available for very long.
All your stolen data will be loaded into cybercriminal forums/blogs if you do not pay ransom.

How is ransomware usually distributed?

Ransomware is usually distributed through malicious emails, malicious websites, and exploit kits. It can also be spread through social media platforms, such as Facebook and Twitter. Additionally, ransomware can be spread through file-sharing networks and peer-to-peer networks.

Can you protect your data against a ransomware attack?

Yes, it is possible to protect your data against ransomware attacks. The best way to do this is by regularly backing up your files and storing them in a secure location. Additionally, you should ensure that all of your software is up-to-date and that you have an antivirus program installed on your computer. You should also be wary of suspicious emails or links, as these can often contain malicious code that can infect your system with ransomware. Finally, if you do become infected with ransomware, it is important to not pay the ransom as this only encourages the attackers and does not guarantee that they will decrypt your files.

February 15, 2023