PTP ransomware

September 25, 2018

What is PTP ransomware

PTP – ransomware which targets English and Korean speakers and is developed by Kim from South Korea.

PTP virus is a dangerous cyber threat which is a variant of the Hidden Tear ransomware. According to researchers, PTP ransomware was first discovered on the 8th of August this year and seems to be still in development. The criminal who created this ransomware-type virus seems to be Kim from South Korea as he introduces himself in the ransom note which is named READ_IT.txt. This ransom message announces about the secret encryption when the .PTPRansomware extension is added to each document on the infected computer and urges users to contact the crook via Discord: KimApple # 1159. The note targets English and Korean speaking users and commands that a ransom should be paid in order to get a decryption tool for corrupted documents.

PTP ransomware

PTP ransomware, just as other of its kind, uses an AES cipher to encrypt important files. Both encryption and decryption keys are safely kept on remote servers. Each time the virus infects a different user, it creates uniques codes for the file corruption and unlocking. This is what makes the decryption process almost impossible for a regular user.

Download Removal Toolto remove PTP ransomware

PTP ransomware encrypts files such as:

Images; Databases; Powerpoint; Audios; Videos; etc.

If you spot any of these files with the .PTPRansomware extension, you can be sure that the PTP virus is guilty of this kind of activity and you have to take some actions of your own against the serious infection.

Furthermore, as we can see from the PTP ransomware ransom note, the crooks do not give any particular details about the price type:

However, according to malware experts from , viruses such as PTP ransomware often urge for Bitcoin as the type of currency. This guarantees the secrecy of the process and lets the cybercriminals to spread their activity uncaught.

Even if you are very desperate to get encrypted files back, you should remove PTP virus instead of contacting the cybercriminals as users are very likely to get scammed and left without any decryption tool or other solution. You can fix the damage by using and then think about other possible data recovery methods

Make sure you perform the PTP removal before you try to restore corrupted files. If you do not eliminate the cyber threat before the data recovery process, all your work will be useless as the ransomware-type virus will still be active. If you want to check out some file restoring methods, you can find our suggested ones below this article.

How does PTP ransomware works

If you want to keep your computer safe from various malware such as ransomware-type cyber threats, you need to take some precautionary measures and pay complete attention while performing them. Here are some tips for you:

Notice that ransomware is very likely to be spread through phishing messages. Such emails include dubious attachments or links which are the malicious content. Do not click on any unrecognizable email messages if you receive any; Various third-party networks also might include damaging content. If possible, try to stay away from secondary networks such as P2P ones. They come improperly protected and might contain various unwanted or even harmful components; Keep your personal files safe. If you want to be ready for various possible cyber dangers in the future, you need to think about your data safety as well. Store all important documents on an external device such as a USB flash drive and malware will not be able to reach such information if you keep the USB unplugged from your computer when you are not using it.
Download Removal Toolto remove PTP ransomware

How to delete PTP ransomware

If you have spot files with the .PTPRansomware extension and are wondering, how to remove PTP virus from the computer system permanently, we suggest using professional and trustworthy anti-malware tools such as , , or Anti-MalwareNorton Internet Security. However, feel free to use any other reliable computer fixing software if you are likely to.

Notice that performing the PTP removal manually is not possible. This cyber threat is too dangerous and might leave various hazardous components which might be too hard to detect for low-experienced users. After you deal with the ransomware automatically, take care of some system backups to ensure that your computer is clean from all damaging components.

Stage 1: Delete Browser Extension

First of all, we would recommend that you check your browser extensions and remove any that are linked to PTP ransomware. A lot of adware and other unwanted programs use browser extensions in order to hijacker internet applications.

Remove PTP ransomware Extension from Google Chrome

  1. Launch Google Chrome.
  2. In the address bar, type: chrome://extensions/ and press Enter.
  3. Look for PTP ransomware or anything related to it, and once you find it, press ‘Remove’.

Uninstall PTP ransomware Extension from Firefox

  1. Launch Mozilla Firefox.
  2. In the address bar, type: about:addons and press Enter.
  3. From the menu on the left, choose Extensions.
  4. Look for PTP ransomware or anything related to it, and once you find it, press ‘Remove’.

Delete PTP ransomware Extension from Safari

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Select Preferences from the list.
  4. Choose the Extensions tab.
  5. Look for PTP ransomware or anything related to it, and once you find it, press ‘Uninstall’.
  6. Additionally, open Safari Settings again and choose Downloads.
  7. If PTP ransomware.safariextz appears on the list, select it and press ‘Clear’.

Remove PTP ransomware Add-ons from Internet Explorer

  1. Launch Internet Explorer.
  2. From the menu at the top, select Tools and then press Manage add-ons.
  3. Look for PTP ransomware or anything related to it, and once you find it, press ‘Remove’.
  4. Reopen Internet Explorer.In the unlikely scenario that PTP ransomware is still on your browser, follow the additional instructions below.
  5. Press Windows Key + R, type appwiz.cpl and press Enter
  6. The Program and Features window will open where you should be able to find the PTP ransomware program.
  7. Select PTP ransomware or any other recently installed unwanted entry and press ‘Uninstall/Change’.

Alternative method to clear the browser from PTP ransomware

There may be cases when adware or PUPs cannot be removed by simply deleting extensions or codes. In those situations, it is necessary to reset the browser to default configuration. In you notice that even after getting rid of weird extensions the infection is still present, follow the below instructions.

Use Chrome Clean Up Tool to Delete PTP ransomware

  1. Launch Google Chrome.
  2. In the address box, type: chrome://settings/ and press Enter.
  3. Expand Advanced settings, which you can find by scrolling down.
  4. Scroll down until you see Reset and Cleanup.
  5. Press on Clean up computer. Then press Find.

This Google Chrome feature is supposed to clear the computer of any harmful software. If it does not detect PTP ransomware, go back to the Clean up computer and reset settings.

Reset Mozilla Firefox to Default

If you still find PTP ransomware in your Mozilla Firefox browser, you should be able to get rid of it by restoring your Firefox settings to default. While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

  1. Launch Mozilla Firefox
  2. Into the address box, type: about:support and press Enter.
  3. You will be redirected to a Troubleshooting Information page.
  4. From the menu on the right side, select Refresh Firefox.
  5. Confirm your choice by clicking Refresh Firefox in the new window.
  6. Your browser will close automatically in order to successfully restore the settings.
  7. Press Finish.

Reset Safari Browser to Normal Settings

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Press Reset Safari.
  4. A new window will appear. Select the boxes of what you want to reset or use the screenshot below to guide you. Once you have selected everything, press ‘Reset’.
  5. Restart Safari.

Restore Internet Explorer to Default Settings

  1. Launch Internet Explorer.
  2. From the top menu, press on Tools and then Internet Options.
  3. In the new window that opens, choose the Advanced tab.
  4. At the bottom of the window, below Reset Internet settings, there will be a ‘Reset’ button. Press that.

While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

Leave a Reply

Your email address will not be published. Required fields are marked *