New GarrantyDecrypt ransomware variant impersonates the security team for Proton Technologies

  • A researcher spotted a new variant of the GarrantyDecrypt ransomware that pretends to be the security team for Proton Technologies.
  • The ransom note, which pretends to be from the Proton security team, claims that the victim’s server has been attacked by an outsider and demands a service fee for decrypting the files.

Security researcher Michael Gillespie discovered a new variant of GarrantyDecrypt that pretends to be the security team for Proton Technologies. Gillespie first identified the GarrantyDecrypt ransomware in October 2018.

What is the issue - Gillespie noted that the attackers behind the GarrantyDecrypt ransomware attempted a new tactic: pretending to be the security team for Proton Technologies, the company behind ProtonMail and ProtonVPN.

“#Ransomware Hunt: no encrypted file submitted, but ransom note "SECURITY-ISSUE-INFO.txt" pretending to be security team from @ProtonMail lol. Note: https://pastebin.com/ditRd4dr,” Gillespie tweeted.

The ransom note, which pretends to be from the Proton security team, claims that the victim’s server has been attacked by an outsider and demands a service fee for decrypting the files.

Worth noting

The security researcher spotted a ransom note named ‘SECURITY-ISSUE-INFO.txt’ in which the attackers stated that the server was attacked by an ‘outsider’ and that Proton's SECURE-SERVER service encrypted the data in order to protect it during the attack.

The ransom note also states that Proton's SECURE-SERVER service charges a fee of $780 for decrypting the files. To add legitimacy to the ransom note, the attackers have also added the ‘PROTON SECURE-SERVER SYSTEMS (c) 2019’ copyright statement at the bottom of the ransom note.
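A sweep for the two indicators described above (the note's filename and its copyright line), as an added example that is not from the original article or from the researcher. The read limit, the restriction to .txt files and the sample tree built in `demo()` are assumptions made for illustration.

```python
import os
import tempfile

# Indicators taken from the article; all matching is case-insensitive.
NOTE_NAME = "security-issue-info.txt"
CONTENT_MARKERS = ("proton secure-server systems (c) 2019", "secure-server")
MAX_READ = 64 * 1024  # assumption: notes are small, so never read whole large files


def decode_note(raw: bytes) -> str:
    """Decode note text, handling the UTF-16 BOMs that Windows tools often write."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8", errors="replace")


def scan_tree(root: str) -> list:
    """Return one finding per .txt file matching the filename or the copyright line."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".txt"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    text = decode_note(fh.read(MAX_READ)).lower()
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep
            hits = [m for m in CONTENT_MARKERS if m in text]
            name_match = name.lower() == NOTE_NAME
            # "secure-server" alone is too generic to flag; it is recorded as context only.
            if name_match or CONTENT_MARKERS[0] in hits:
                findings.append({"path": path, "name_match": name_match, "markers": hits})
    return findings


def demo() -> list:
    """Sweep a constructed tree; the note text below is made up for this example."""
    note = "Your files were encrypted.\nPROTON SECURE-SERVER SYSTEMS (c) 2019\n"
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "share"))
        with open(os.path.join(root, "SECURITY-ISSUE-INFO.txt"), "w") as fh:
            fh.write(note)
        with open(os.path.join(root, "share", "readme.txt"), "w", encoding="utf-16") as fh:
            fh.write(note)  # renamed copy, UTF-16 encoded
        with open(os.path.join(root, "share", "notes.txt"), "w") as fh:
            fh.write("Ticket: enable secure-server mode on the proxy.\n")  # benign file
        return sorted(os.path.relpath(f["path"], root) for f in scan_tree(root))
```

Calling `demo()` returns the two flagged paths and leaves out the benign file that only mentions "secure-server".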

The bottom line - If you have received any such email from Proton, then remember that it is not from Proton and you are a victim of the GarrantyDecrypt ransomware.

How to stay protected from ransomware attacks?

  • It is always best to have a tested backup of your data that can be restored in case of an attack.
  • It is recommended not to open any attachments that are from anonymous senders.
  • It is suggested not to connect RDP services directly to the Internet.
  • It is best to install a good antivirus program and keep all your systems, software, applications, and OS up-to-date.
  • It is best to use complex and strong passwords and never reuse passwords on multiple sites.

Publisher: Cyware