The Press virus belongs to the ransomware type of infection. Malware of this type encrypts all of the user’s data on the computer (images, text files, Excel sheets, audio files, videos, etc.) and adds its extra extension to every file, leaving RECOVERY NFO.txt files in every folder that contains encrypted files.
What is Press virus?
Press will add its extra .press extension to the name of each encrypted file. For instance, a file named “photo.jpg” will be turned into “photo.jpg.press”. In the same manner, the Excel sheet with the name “table.xlsx” will be altered to “table.xlsx.press”, and so forth.
In every directory that contains encrypted files, a RECOVERY NFO.txt text file will be created. It is the ransom note. Therein you can find information about the ways of contacting the attackers and some other information. The ransom note most probably contains instructions on how to purchase the decryption tool from them. You can get this decryption tool after contacting [email protected] via email. That is essentially how the scheme works.
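To scope the damage using the two indicators described above (the .press extension and the RECOVERY NFO.txt note), a read-only inventory of a directory tree can be built as follows. This is an added example, not code from the original article; the function name `scan_tree` and the report fields are illustrative, and the modification-time window assumes the malware does not reset file timestamps.

```python
import os
from collections import Counter

ENCRYPTED_EXT = ".press"          # extra extension described on this page
RANSOM_NOTE = "RECOVERY NFO.txt"  # ransom note file name described on this page

def scan_tree(root):
    """Read-only inventory of the two indicators under root; changes nothing."""
    summary = {
        "encrypted": [],              # *.press paths, relative to root
        "original_types": Counter(),  # original extension -> count, e.g. ".jpg"
        "note_dirs": [],              # directories that hold the ransom note
        "partial_dirs": [],           # note present, some files still not renamed
        "window": None,               # (earliest, latest) mtime of encrypted files
    }
    mtimes = []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        hit = [f for f in files if f.lower().endswith(ENCRYPTED_EXT)]
        notes = [f for f in files if f.lower() == RANSOM_NOTE.lower()]
        for name in hit:
            summary["encrypted"].append(os.path.normpath(os.path.join(rel, name)))
            # "photo.jpg.press" -> original "photo.jpg" -> type ".jpg"
            original = name[: -len(ENCRYPTED_EXT)]
            summary["original_types"][os.path.splitext(original)[1].lower()] += 1
            # lstat: do not follow symlinks while measuring the time window
            mtimes.append(os.lstat(os.path.join(dirpath, name)).st_mtime)
        if notes:
            summary["note_dirs"].append(rel)
            # Files this directory still holds under their normal names
            if set(files) - set(hit) - set(notes):
                summary["partial_dirs"].append(rel)
    if mtimes:
        summary["window"] = (min(mtimes), max(mtimes))
    summary["encrypted"].sort()
    return summary

if __name__ == "__main__":
    import json, sys
    result = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    result["original_types"] = dict(result["original_types"])
    print(json.dumps(result, indent=2))
```

Run it against a mounted copy or image of the affected disk where possible, so the inventory itself does not alter timestamps on the live system.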
Press Overview:
| Name | Press Virus |
| Extension | .press |
| Ransomware note | RECOVERY NFO.txt |
| Contact | [email protected] |
| Detection | Gator.Adware.Advertising.DDS Virus Removal, Adware:Win32/Trickler Virus Removal, Trojan:MSIL/AgentTesla.AQF!MTB Virus Removal |
| Symptoms | Your files (photos, videos, documents) get a .press extension and you can’t open them. |
| Fix Tool | See If Your System Has Been Affected by Press virus |
The RECOVERY NFO.txt file accompanying the Press ransomware states the following:
Hello!
We're sorry, but your data are stolen and encrypted.
In case of nonpayment - all sensitive information will be sold or made publicly accessible.
Compared to other ransomware we charge a lot less, so don't be stingy!
If you pay - we will provide you with decryption software and remove your data from our servers.
We work honesty!
Warning! Do not delete or modify any files, it can lead to recovery problems!
You can contact us using TOX messenger without registration and SMS hxxps://tox.chat/download.html
Tox ID: ABF256935FB3F8E5DE4E0127A98300EA41B9F3F651598B1BF37823EA46E8017CC740F9FFED83
Or download Tor Browser hxxps://www.torproject.org/download/ , create an account on the mail service onionmail.org and email us at [email protected]
Send us your KeyID and 2 files with SIMPLE extensions(jpg,xls,doc, etc... not databases!) and low sizes(max 2 mb) for free decryption.
Use - Good luck!
Key Identifier:
In the image below, you can see what a folder with files encrypted by Press looks like. Each filename has the “.press” extension added to it.
How did my computer get infected with Press ransomware?
There are many possible ways for ransomware to get into a system.
Currently, the three most popular methods criminals use to plant the Press virus in your digital environment are email spam, Trojan injection and peer file transfer.
- Another thing the hackers might try is a Trojan file scheme. A Trojan is a program that infiltrates your PC pretending to be something different. For instance, you download an installer for some program you need or an update for some service, but what you unpack turns out to be a harmful program that encrypts your data. Since the update file can have any name and any icon, you have to make sure that you can trust the source of the files you’re downloading. The best thing is to use the software companies’ official websites.
- As for peer file transfer protocols like torrent trackers or eMule, the danger is that they are even more trust-based than the rest of the Internet. You can never know what you are downloading until you get it, so it is better to use trustworthy websites. Also, it is reasonable to scan the folder containing the downloaded files with antivirus software as soon as the download is finished.
How do I get rid of ransomware?
It is important to know that besides encrypting your files, the Press virus will probably install Vidar Stealer on your computer to seize your credentials to different accounts (including cryptocurrency wallets). That spyware can extract your credentials from your browser’s autofill data.
How do I avoid ransomware infiltration?
Press ransomware doesn’t have endless power, and neither does any similar malware.
You can defend your PC from ransomware infiltration by taking several easy steps:
- Ignore any letters from unknown senders with strange addresses, or with content that likely has no connection to anything you are expecting (how can you win a money prize draw without even taking part in it?). If the email subject looks like something you are expecting, scrutinize all elements of the dubious letter with caution. A fake letter will surely have mistakes.
- Do not use cracked or unknown software. Trojan viruses are often spread as part of cracked products, most likely under the guise of a “patch” that prevents the license check. Understandably, dubious programs are difficult to distinguish from trustworthy software, because trojans sometimes have the functionality you seek. Try searching for information on the program on anti-malware forums, but the optimal way is not to use such programs at all.
FAQ
🤔 How can I open “.press” files? Is it possible to open “.press” files?
Unfortunately, no. You need to decipher the “.press” files first. Then you will be able to open them.
🤔 I really need to decrypt those “.press” files ASAP. How can I do that?
Hopefully, you have made a copy of those important files. Otherwise, you might try to employ System Restore. The only question is whether you have saved any Restore Points that would be helpful now. The rest of the methods require patience.
🤔 What to do if the Press ransomware has blocked my computer and I can’t get the activation key?
🤔 What can I do right now?
Some of the blocked files can be found elsewhere.
- If you sent or received your critical files through email, you could still download them from your online mail server.
- You may have shared images or videos with your friends or relatives. Simply ask them to post those pictures back to you.
- If you have initially got any of your files from the Internet, you can try doing it again.
- Your messengers, social networks pages, and cloud drives might have all those files as well.
- Maybe you still have the needed files on your old PC, a notebook, mobile, external storage, etc.
USEFUL TIP: You can employ file recovery utilities [1] to get your lost data back, since ransomware encrypts copies of your files and deletes the originals. In the tutorial below, you can see how to recover your files with PhotoRec, but remember: you can do it only after you remove the ransomware itself with an anti-malware program.
Brendan Smith
References
1. Here’s the list of Best Data Recovery Software Of 2023.
