
Remove PTP ransomware (Removal Guide) - Free Instructions

By Alice Woods | Type: Ransomware

PTP – ransomware which is a Hidden Tear variant targeting English and Korean-speaking users 


PTP virus is a dangerous cyber threat and a variant of the Hidden Tear ransomware. According to researchers, PTP ransomware was first discovered on the 8th of August this year and still seems to be in development. The criminal who created this ransomware-type virus[1] appears to be Kim from South Korea, as he introduces himself in the ransom note, which is named READ_IT.txt. The ransom message announces the encryption, during which the .PTPRansomware extension is added to each document on the infected computer, and urges users to contact the crook via Discord: KimApple # 1159. The note targets English- and Korean-speaking users and demands that a ransom be paid to get a decryption tool for the corrupted documents.

Name: PTP
Category: Ransomware
First spotted: August 8, 2018
Related to: Hidden Tear
Developer: Kim from South Korea
Extension: .PTPRansomware
Ransom message: READ_IT.txt
Crook's contacts: Discord: KimApple # 1159
Removal: Install Reimage Reimage Cleaner Intego

PTP ransomware, like others of its kind, uses an AES cipher[2] to encrypt important files. Both encryption and decryption keys are safely kept on remote servers. Each time the virus infects a different user, it creates unique codes for the file corruption and unlocking. This is what makes the decryption process almost impossible for a regular user.

PTP ransomware encrypts files such as:

  • Images;
  • Databases;
  • PowerPoint;
  • Audios;
  • Videos;
  • etc.

If you spot any of these files with the .PTPRansomware extension, you can be sure that the PTP virus is responsible, and you have to take action of your own against this serious infection.
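One way to scope the damage before restoring anything, as an added example that is not part of the original guide: this Python script walks a folder read-only, lists files carrying the .PTPRansomware extension and copies of READ_IT.txt, and derives the original file names to pull from backup. It assumes the extension is appended after the original name; `sweep` and `restore_list` are hypothetical helper names.

```python
import os
import sys
from collections import Counter

ENCRYPTED_SUFFIX = ".PTPRansomware"  # extension named in this guide
RANSOM_NOTE = "READ_IT.txt"          # ransom note name from this guide


def sweep(root):
    """Walk root and summarise PTP indicators without modifying any file."""
    encrypted = []       # full paths of files carrying the appended extension
    by_type = Counter()  # original extension -> number of encrypted files
    note_dirs = []       # directories that contain a copy of the ransom note
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == RANSOM_NOTE.lower():
                note_dirs.append(dirpath)
            elif lower.endswith(ENCRYPTED_SUFFIX.lower()):
                # Assumption: the suffix is appended, e.g. report.docx.PTPRansomware
                original = name[: -len(ENCRYPTED_SUFFIX)]
                ext = os.path.splitext(original)[1].lower() or "(none)"
                by_type[ext] += 1
                encrypted.append(os.path.join(dirpath, name))
    return {
        "encrypted": sorted(encrypted),
        "by_type": dict(by_type),
        "note_dirs": sorted(note_dirs),
    }


def restore_list(report):
    """Original paths to look for in backups: encrypted path minus the suffix."""
    return [path[: -len(ENCRYPTED_SUFFIX)] for path in report["encrypted"]]


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    result = sweep(target)
    print(f"{len(result['encrypted'])} encrypted file(s) under {target}")
    for ext, count in sorted(result["by_type"].items()):
        print(f"  {ext}: {count}")
    for folder in result["note_dirs"]:
        print(f"ransom note present in: {folder}")
    for path in restore_list(result):
        print(f"restore from backup: {path}")
```

The output list can be compared against a backup or restore point to see which documents are recoverable.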

Furthermore, as we can see from the PTP ransomware ransom note, the crooks do not give any particular details about the price type:

당신 은 the PTP ransomware  에  감염 되었습니다 
파일 은 으로 시공 뽑려 들어 갔습니다 
the PTP ransomware 는 것 입니다 다시 돌아올. 
하세요 수고 
컴퓨터 는 가 바보 되었습니다 
Made By KimApple 
You have Been infected directory with the PTP ransomware 
of The file WAS sucked construction Into 
the PTP will of ransomware have come back. 
hard work 
of The computer has Become a fool 
Discord: KimApple # 1159

However, according to malware experts from[3], viruses such as PTP ransomware often demand Bitcoin as the type of currency. This guarantees the secrecy of the process and lets the cybercriminals continue their activity uncaught.

Even if you are desperate to get encrypted files back, you should remove PTP virus instead of contacting the cybercriminals, as users are very likely to get scammed and left without any decryption tool or other solution. You can fix the damage by using Reimage Reimage Cleaner Intego and then think about other possible data recovery methods.

Make sure you perform the PTP removal before you try to restore corrupted files. If you do not eliminate the cyber threat before the data recovery process, all your work will be useless as the ransomware-type virus will still be active. If you want to check out some file restoring methods, you can find our suggested ones below this article.

PTP virus - a variant of the commonly known Hidden Tear ransomware which is still developing.

Stay away from ransomware by following several important tips

If you want to keep your computer safe from various malware such as ransomware-type cyber threats, you need to take some precautionary measures and pay complete attention while performing them. Here are some tips for you:

  • Notice that ransomware is very likely to be spread through phishing messages. Such emails include dubious attachments or links that carry the malicious content. Do not open any unrecognized email messages you receive;
  • Various third-party networks might also include damaging content. If possible, try to stay away from secondary networks such as P2P ones. They are poorly protected and might contain various unwanted or even harmful components;
  • Keep your personal files safe. If you want to be ready for various possible cyber dangers in the future, you need to think about your data safety as well. Store all important documents on an external device such as a USB flash drive and malware will not be able to reach such information if you keep the USB unplugged from your computer when you are not using it.

Eliminate PTP virus

If you have spotted files with the .PTPRansomware extension and are wondering how to remove PTP virus from the computer system permanently, we suggest using professional and trustworthy anti-malware tools such as Reimage Reimage Cleaner Intego, SpyHunter 5, Combo Cleaner, or Malwarebytes. However, feel free to use any other reliable computer fixing software if you prefer.

Notice that performing the PTP removal manually is not possible. This cyber threat is too dangerous and might leave behind various hazardous components that are too hard for inexperienced users to detect. After you deal with the ransomware automatically, take care of some system backups to ensure that your computer is clean from all damaging components.


To remove PTP virus, follow these steps:

Remove PTP using Safe Mode with Networking

Reboot your computer to Safe Mode with Networking by following these instructions:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove PTP

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner Intego or another legitimate anti-spyware program. Update it before a full system scan, remove the malicious files that belong to the ransomware and complete the PTP removal.

If your ransomware is blocking Safe Mode with Networking, try the next method.

Remove PTP using System Restore

Activate the System Restore feature with the help of these steps and disable the virus:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and press Enter.
    2. Now type rstrui.exe and press Enter again.
    3. When a new window shows up, click Next and select a restore point that is prior to the infiltration of PTP. After doing that, click Next.
    4. Now click Yes to start system restore.
    Once you restore your system to a previous date, download Reimage Reimage Cleaner Intego, scan your computer with it and make sure that PTP removal is performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove PTP from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If you are wondering how to get important data back, we have provided some data recovery methods which might be helpful. Follow each step carefully.

If your files are encrypted by PTP, you can use several methods to restore them:

Try using Data Recovery Pro for file restoring:

Follow the instructions of this method as cautiously as you can, and you might be able to get corrupted documents back.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by PTP ransomware;
  • Restore them.

Use the Windows Previous Versions method and get some individual files back:

However, you need to know one important thing about this method. It will only work if you activated the System Restore feature in the past. If you did not, go and look through other data recovery software.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of the available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Shadow Explorer might help you with file recovery:

Sadly, if the ransomware-type virus did erase Shadow Copies of corrupted documents, this method might be useless. If the threat did not manage to destroy Shadow Volume Copies, you can definitely give this method a try.

  • Download Shadow Explorer;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

There is no official PTP ransomware decryptor yet.

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from PTP and other ransomware, use a reputable anti-spyware program, such as Reimage Reimage Cleaner Intego, SpyHunter 5, Combo Cleaner or Malwarebytes.

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. It is a hassle when your website is protected from suspicious connections and unauthorized IP addresses.

The best solution for creating a tighter network could be a dedicated/fixed IP address. If you make your IP address static and set it to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network managers who need to monitor connections and activities. This is how you bypass some of the authentication factors and can remotely use your banking accounts without triggering suspicion with each login.

VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world. It is better to block the access to your website from different IP addresses. So you can keep the project safe and secure when you have the dedicated IP address VPN and protected access to the content management system.

Back up files for later use in case of a malware attack

Computer users can suffer various losses due to cyber infections or their own faulty doings. Software issues created by malware or direct data loss due to encryption can lead to problems with your device or permanent damage. When you have proper up-to-date backups, you can easily recover after such an incident and get back to work.

It is crucial to update your backups after any changes on the device, so you can get back to the point you were working on when malware changes anything or issues with the device cause data or performance corruption. Rely on such behavior and make file backup your daily or weekly habit.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware occurs out of nowhere. Use Data Recovery Pro for the system restoring purpose.

About the author
Alice Woods - Likes to teach users about virus prevention
