Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Proton

Proton Vendor Cyber Rating & Cyber Score

proton.me

A better internet starts with privacy. At Proton, we believe that privacy is a human right, the foundation of a free and open society. That’s why we’re building an ecosystem of privacy-first, open-source tools that put people (not profits) first. Created by scientists from CERN and MIT, governed by the Proton Foundation (a Swiss non-profit organization) and powered by a global community of supporters, Proton is independent, community-funded, and 100% subscription-based, not driven by ads or data mining. Our privacy-by-design ecosystem includes: ✉️ Proton Mail: the world’s most private email service, free of ads and trackers 🌐 Proton VPN: a fast, secure VPN to browse freely and protect your identity online 🗓️ Proton Calendar: an


Proton A.I CyberSecurity Scoring

Proton
Company Information
Website:https://proton.me/
Employees number:844
Number of followers:137,991
NAICS:513
Industry Type:Technology, Information and Internet
Homepage:proton.me
Proton Risk Score (AI oriented)
Between 700 and 749
logo
ProtonTechnology, Information and Internet
Updated:
03/07/2026
744/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Proton Global Score (TPRM)
xxxx
logo
ProtonTechnology, Information and Internet
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Proton
ProtonModerate
Current Score
744Ba (MODERATE)
01000
3 incidents
-19 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
744Before Incident
JUNE 2026
744Before Incident
MAY 2026
743Before Incident
APRIL 2026
743Before Incident
MARCH 2026
761Before Incident
Cyber Attack
11 Mar 2026Proton
Sophos, CrowdStrike, Microsoft, Proton Drive, SentinelOne, Bitdefender, ESET and McAfee: New Avalon Malware Framework Packs CrownX Ransomware Capabilities

New Modular Malware Framework 'Avalon' Unveiled in Sophisticated Phishing Attack

742After Incident
CRITICAL-19
CROMICBITSOPSENPROESEMCA1783117511
New Modular Malware Framework "Avalon" Unveiled in Sophisticated Phishing Attack Cybersecurity researchers have identified a previously unknown modular malware framework, Avalon, distributed via a multi-stage phishing campaign designed to evade traditional security controls. The framework integrates credential theft, lateral movement, remote access, recovery disruption, and ransomware execution with its ransomware component internally dubbed CrownX. The attack begins with a spoofed legal document email directing recipients to a password-protected archive hosted on Proton Drive. Instead of attaching malicious files directly, attackers embedded them within an ISO image, reducing detection at the email layer. When a victim interacts with a document-themed Windows shortcut (Secure Document CA-283505.pdf.lnk) inside the mounted image, it triggers a sequence that deploys Avalon. The shortcut executes an MSBuild project within the ISO, which loads an embedded .NET assembly to disable Event Tracing for Windows (ETW), obscuring forensic visibility. The malware then downloads a next-stage payload over HTTPS to deploy Avalon, which includes an extensive defense evasion subsystem targeting security tools from Microsoft Defender, SentinelOne, CrowdStrike, Sophos, Elastic Endpoint, FortiEDR, ESET, McAfee, and Bitdefender. Avalon’s capabilities include: - Credential harvesting from Chromium-based browsers, Firefox, cryptocurrency wallets (MetaMask, Coinbase Wallet, Exodus, etc.), and apps like Discord, Slack, and Teams. - Data exfiltration to a remote server (helloxcherry[.]com) and command polling for further instructions. - Reconnaissance to prioritize high-value systems for lateral movement. - Ransomware execution using Windows Cryptography API, encrypting files tied to business operations, software development, and virtual infrastructure. - Recovery disruption by terminating the Volume Shadow Copy Service and deleting shadow copies. - Anti-forensic measures, including direct disk manipulation to corrupt partition data or boot records. Researchers note that CrownX represents only the final extortion stage by the time the ransom note appears, the framework has already stolen credentials, established C2 communications, and weakened recovery options. The malware also exhibits signs of AI-assisted development, suggesting lower barriers to entry for threat actors with limited technical expertise. ### AI-Driven Ransomware and Codeless Attacks Emerge In related developments, Sysdig reported the first publicly documented agentic ransomware attack powered by a large language model (LLM). The threat actor, JADEPUFFER, exploited CVE-2025-3248 to gain access to an exposed Langflow instance, executing an automated campaign that adapted in real-time to pivot toward a production database server for extortion. Separately, Palo Alto Networks Unit 42 uncovered an AI-powered malware combining a Telegram bot with a public LLM API (api.groq[.]com) to enable codeless attacks. The malware forwards system details to the attacker’s Telegram bot, then polls the API every five seconds to translate natural language instructions into shell commands eliminating the need for command-line expertise. The sample, uploaded to VirusTotal in March 2026, remains undetected by all engines.
INCIDENT DETAILS -
TYPE
MalwareRansomwarePhishing
MOTIVATION
Financial GainData ExfiltrationExtortion
IMPACT
Data Compromised: Credentials, cryptocurrency wallet data, business documents, software development files, virtual infrastructure filesSystems Affected: Windows systems with Chromium-based browsers, Firefox, cryptocurrency wallets, Discord, Slack, Teams, and security tools from Microsoft Defender, SentinelOne, CrowdStrike, Sophos, Elastic Endpoint, FortiEDR, ESET, McAfee, and BitdefenderOperational Impact: Recovery disruption, encryption of critical files, termination of Volume Shadow Copy ServiceIdentity Theft Risk: High (credential harvesting, PII exposure)
DATA BREACH
CredentialsCryptocurrency wallet dataBusiness documentsSoftware development filesVirtual infrastructure filesSensitivity Of Data: High (PII, financial data, operational files)Data Exfiltration: Yes (to helloxcherry[.]com)Data Encryption: Yes (Windows Cryptography API for ransomware)Personally Identifiable Information: Yes (credentials, wallet data)
FEBRUARY 2026
761Before Incident
JANUARY 2026
761Before Incident
DECEMBER 2025
760Before Incident
NOVEMBER 2025
760Before Incident
OCTOBER 2025
760Before Incident
SEPTEMBER 2025
760Before Incident
AUGUST 2025
760Before Incident
JULY 2024
775Before Incident
Vulnerability
01 Jul 2024Proton
Proton

Proton Introduces End-to-End Encrypted Documents

758After Incident
LOW-17
PRO000070924
Proton, known for its privacy-centric services, has introduced a feature for creating, editing, and collaborating on end-to-end encrypted documents within its storage systems, challenging the practices of tech giants like Google and Microsoft. This innovation safeguards user data from third parties, including Proton, which cannot access the content of the files. The initiative enhances user privacy, directly confronting the data collection methodologies prevalent among leading cloud service providers. As a result, there have been no reported data leaks or negative consequences following the implementation of the encrypted document feature provided by Proton.
INCIDENT DETAILS -
TYPE
Feature Implementation
MOTIVATION
Enhance user privacy
DATA BREACH
Data Encryption: End-to-end encryption
JUNE 2018
775Before Incident
Vulnerability
16 Jun 2018Proton
Proton

ProtonVPN Vulnerability Exposure

758After Incident
HIGH-17
PRO023301022
ProtonVPN were exposed to vulnerabilities that could have allowed hackers to execute arbitrary code with administrator privileges on computers running Windows. The bugs, CVE-2018-395 were discovered by Cisco Talos security researchers which is similar to another security flaw discovered in March by security consulting firm VerSprite. ProtonVPN had released patches to fix the original vulnerability. It was still possible to execute code as an administrator albeit through a exploit. The initial vulnerability was due to OpenVPN being able to select a malicious file when choosing a VPN configuration. This could have given access to private information and hacking through arbitrary commands. They use OpenVPN's open-source software to set up secure connections from one point to another. Later versions of ProtonVPN have resolved this issue and users have been automatically prompted to update. They have not seen any evidence of this being exploited in the wild, as a user's computer needs to first be compromised by a hacker before this bug can be exploited
INCIDENT DETAILS -
TYPE
Vulnerability Exploitation
MOTIVATION
Unauthorized access to private information and arbitrary command execution
IMPACT
Windows computers running ProtonVPN

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Proton ?
?
What was Proton's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Proton's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Proton's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Proton's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Proton's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Proton's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Proton's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Proton's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Proton's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Proton's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Proton's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Proton's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Proton ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Proton's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?