PPDDDP ransomware is the cryptovirus that encrypts files and damages selective data on the computer

However, malware experts reported[1] that the PPDDDP ransomware virus is still to be investigated because no samples have been submitted yet. The ransom note seems similar, but the contents of this Filerestore.html file are new. As typical for cybercriminals, they try to fake legitimacy and trust, so the message is quite polite and instructional. However, paying these people can lead you to more issues with the machine and even privacy or end up in permanent money and data loss. The price is determined when the victim contacts virus developers directly, so it can get up to hundreds or thousands of dollars in Bitcoin. Do Not write to them at any circumstances. Especially knowing that this threat has a few versions already. The most recent one is a threat that marks files using .dddpp extension.
| Name | PPDDDP ransomware |
|---|---|
| File marker | The pattern that virus uses to append files can differ, and sometimes it doesn't even include the original filename that was known for encryption. However, for the most part, .support@anonymous-service.cc.ppdddp is the extension that shows up on the file once image or document gets encoded |
| Ransom note | FilesRestore.html program window appears once the selected data gets encoded and informs victims about particular actions they can take after that. The message contains your victim's ID and contact information for virus developers, the address where you can get Bitcoins needed for the payment |
| Distribution | Malware is spread via spam email and breaking through unprotected RDP configurations.[2] Criminals also can rely on malicious or hacked sites to deliver this threat around the globe |
| Unique features | Malware is choosing which files to encrypt, not all of them get locked. In one folder, some files get encoded, some damaged, and some permanently corrupted. There is no particular pattern for the selectivity |
| Versions | .dddpp |
| Contact emails | crptcloud@protonmail.ch, support@anonymous-service.cc |
| Danger | This is the virus based on cryptocurrency extortion and blackmail, so you can end up losing money and data of you decide to pay. Also, ransomware can run additional processes in the background to affect or even damage the machine further |
| Elimination | PPDDDP ransomware removal is the process that should be taken seriously, so get an anti-malware program or a similar security tool an run a full system scan to find all malicious files and intruders |
| Repair | Remember that malware can damage the machine from the inside with additional files, programs, and other processes. To get rid of these risks and damage, rely on FortectIntego that can find and fix issues with the system and computers' performance |
Even though PPDDDP ransomware is a unique and new threat it is still a cryptovirus that focuses on encryption and ransom demanding, so profits can get made. It chooses various types of files and encodes them using the AES encryption algorithm and changing the original code of the file. The file marker with email and .ppdddp appendix then appears at the end of the filename.
Not all files get encrypted. In each folder, the PPDDDP ransomware virus selects some files for encryption and composes the name with the name of directory, account, file type, and the extension marking the virus name. Encoded files have a pseudo-XML with the original name of the data and different names at the end. The root folder shows the encrypted file, other items get blank icons with the same name remaining, and the rest gets ruined. Some of the data that gets corrupted becomes useless and the size of 0 Kb.
When malware is done with the encryption processes the further actions get listed on the ransom note that PPDDDP ransomware places on the desktop and opens on the screen directly. The program window lists the places where you can buy Bitcoin and email addresses that is the primary way to contact extortionists. There is no particular ransom amount listed on the initial ransom message because criminals decide the final payment when you contact them.
Thee ransom note file names FileRestore.html displays the following:
Your files has been encrypted!
Hi
We have encrypted your files. Yes we know that it's shitty but it's not a disasster .
You are able to decrypt all files without aftermath for a 48 hours.
If time will expire you'll unable to restore your files.
We'll format your disk and delete decryption keys from our database.
Don't waste your time to check backups, it's also encrypted or deleted.
Your ID: 507e83c9983ac00bcd5331991bd ***** [total 32 characters]
You can buy BTC on one of this sites:
https://www.bestchange.com/paypal-usd-to-bitcoin.html
To get the decryptor you need to send mail with your ID to support@anonymous-service.ccThen you will receive mail with price, instruction for payment and decryption.
Attention!
No Payment = No decryption
You really get the decryptor after payment
Do not attempt to remove the program or run the anti-virus tools
Attempts to self-decrypting files will result in the loss of your data
Decoders other users are not compatible with your data, because each user's unique encryption key
It may seem the only solution for such infection, but you need to remember that these people are criminals, and they want only your money. They don't care about your data, and it is exceptionally easy to send you malware via email without providing any decryption. So remove PPDDDP ransomware instead of writing any email for these people. 
No matter how trustworthy the test decryption option seems or how polite PPDDDP ransomware developers are, you need to ignore any blackmail messages, demands, and claims about the alleged decryption tool. This software may not even exist and is listed as the only option, so you will pay. Ransom amount can go up to thousands of dollars, so do not even consider paying.
PPDDDP ransomware is powerful and can easily inject other processes and files on the machine, so you cannot access security tools or data recovery options that easily. There are lots of programs and files that can get loaded on the system to keep victims from getting their files back. Shadow Volume Copies may get deleted, so there are not many other data recovery options.
We have listed a few decryption. File restoring solutions for you below the PPDDDP ransomware termination guide. However, the best option for that is anti-malware tools. Remember that cryptovirus drops additional files, runs secondary payloads and install applications, alters functions, registry entries. You cannot find all the associated intruders and files yourself. AV engines can do that for you.
As for the system files that get damaged by the .PPDDDP virus, you should rely on additional help from system repair tools or optimizers like FortectIntego, so damage is fixed, features, and functions repaired without any interference with other processes. These system scans save time for you and ensure that data recovery is safe to perform. These methods are the ones that experts[3] recommend going for. 
Payload droppers can b found on spam emails and in craking tools
Malicious infections like this happen silently, and without any symptoms, so you cannot notice the infection happening, only the aftermath – encryption and other changes. The malicious script gets triggered when the payload is dropped on the machine. This is the process that happens via social media, file-sharing services or even hacked websites.
Email attachments in the format of Microsft documents or even direct links placed in the notification can trigger the drop of ransomware or a virus that infiltrates the cryptovirus on your computer. Hackers can also find vulnerabilities in RDP configurations and programs and exploit those flaws for their advantage.
Stay away from torrent services, avoid cracking software and game cheats. Also, always be cautious when receiving emails out of nowhere. Notifications that are not expected can contain scripts that get easily triggered when opened or attachments get downloaded. Keep the system virus-free by being suspicious of anything that comes out of nowhere.
Get rid of the shady PPDDDP ransomware virus completely
The new versions of PPDDDP ransomware virus can become more persistent than this initial variant, so take that into consideration and make sure to react as soon as you possibly can. Remember that ransomware can be running in the background before it encodes your data and that background processes triggered by the malware are dangerous as well.
Even though we cannot guarantee that your damaged data or the ones that got encrypted can be fully recovered, you need to at least try to salvage those documents, images, and archives. The first step, however, should be the PPDDDP ransomware removal procedure using anti-malware tools like SpyHunterCombo Cleaner, MalwarebytesMalwarebytes, or other AV engines.
When you are sure that you have the best tools to remove PPDDDP ransomware, go ahead and scan the machine fully, delete all indicated programs or files and double-check before doing anything else. FortectIntego can help you with that because of such application checks for damaged system files and functions and repairs them when it is possible. Then you can go for data recovery.
Was this guide helpful?
Be the first to comment