Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Sep 2018

How to remove PTP ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Alice Woods · Likes to teach users about virus prevention

PTP – ransomware which is a Hidden Tear variant targeting English and Korean-speaking users 

PTP virus

PTP virus is a dangerous cyber threat which is a variant of the Hidden Tear ransomware. According to researchers, PTP ransomware was first discovered on the 8th of August this year and seems to be still in development. The criminal who created this ransomware-type virus[1] seems to be Kim from South Korea as he introduces himself in the ransom note which is named READ_IT.txt. This ransom message announces about the secret encryption when the .PTPRansomware extension is added to each document on the infected computer and urges users to contact the crook via Discord: KimApple # 1159. The note targets English and Korean speaking users and commands that a ransom should be paid to get a decryption tool for corrupted documents.

Name PTP
Category Ransomware
First spotted August 8, 2018
Related to Hidden Tear
Developer Kim from South Korea
Extension .PTPRansomware
Ransom message READ_IT.txt
Crook's contacts Discord: KimApple # 1159
Removal Install FortectIntego

PTP ransomware, just as other of its kind, uses an AES cipher[2] to encrypt important files. Both encryption and decryption keys are safely kept on remote servers. Each time the virus infects a different user, it creates uniques codes for the file corruption and unlocking. This is what makes the decryption process almost impossible for a regular user.

PTP ransomware encrypts files such as:

  • Images;
  • Databases;
  • Powerpoint;
  • Audios;
  • Videos;
  • etc.

If you spot any of these files with the .PTPRansomware extension, you can be sure that the PTP virus is guilty of this kind of activity and you have to take some actions of your own against the serious infection.

Furthermore, as we can see from the PTP ransomware ransom note, the crooks do not give any particular details about the price type:

한국어 
당신 은 the PTP ransomware  에  감염 되었습니다 
파일 은 으로 시공 뽑려 들어 갔습니다 
the PTP ransomware 는 것 입니다 다시 돌아올. 
하세요 수고 
컴퓨터 는 가 바보 되었습니다 
Made By KimApple 
English 
You have Been infected directory with the PTP ransomware 
of The file WAS sucked construction Into 
the PTP will of ransomware have come back. 
hard work 
of The computer has Become a fool 
Discord: KimApple # 1159

However, according to malware experts from NoVirus.uk[3], viruses such as PTP ransomware often urge for Bitcoin as the type of currency. This guarantees the secrecy of the process and lets the cybercriminals to spread their activity uncaught.

Even if you are very desperate to get encrypted files back, you should remove PTP virus instead of contacting the cybercriminals as users are very likely to get scammed and left without any decryption tool or other solution. You can fix the damage by using FortectIntego and then think about other possible data recovery methods

Make sure you perform the PTP removal before you try to restore corrupted files. If you do not eliminate the cyber threat before the data recovery process, all your work will be useless as the ransomware-type virus will still be active. If you want to check out some file restoring methods, you can find our suggested ones below this article.

PTP ransomware

Stay away from ransomware by following several important tips

If you want to keep your computer safe from various malware such as ransomware-type cyber threats, you need to take some precautionary measures and pay complete attention while performing them. Here are some tips for you:

  • Notice that ransomware is very likely to be spread through phishing messages. Such emails include dubious attachments or links which are the malicious content. Do not click on any unrecognizable email messages if you receive any;
  • Various third-party networks also might include damaging content. If possible, try to stay away from secondary networks such as P2P ones. They come improperly protected and might contain various unwanted or even harmful components;
  • Keep your personal files safe. If you want to be ready for various possible cyber dangers in the future, you need to think about your data safety as well. Store all important documents on an external device such as a USB flash drive and malware will not be able to reach such information if you keep the USB unplugged from your computer when you are not using it.

Eliminate PTP virus

If you have spot files with the .PTPRansomware extension and are wondering, how to remove PTP virus from the computer system permanently, we suggest using professional and trustworthy anti-malware tools such as FortectIntego, SpyHunterCombo Cleaner, or MalwarebytesMalwarebytes. However, feel free to use any other reliable computer fixing software if you are likely to.

Notice that performing the PTP removal manually is not possible. This cyber threat is too dangerous and might leave various hazardous components which might be too hard to detect for low-experienced users. After you deal with the ransomware automatically, take care of some system backups to ensure that your computer is clean from all damaging components.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.