Archives like "ProtonCrypt.rar" are used as a delivery mechanism for the following features of the Proton ransomware family:
: Recent variants (such as "Zola") include features like privilege escalation, a disk-overwriting function to prevent recovery, and a keyboard language-based kill switch to avoid infecting systems in specific regions.
: The archive often contains or generates a ransom note (typically README.txt or How To Restore Your Files.txt) providing contact details for the attackers.
: The malware uses strong cryptographic algorithms, specifically AES (Advanced Encryption Standard) and ECC (Elliptic-curve cryptography), to lock user files.