
'' Ransomware

By GoldSparrow in Ransomware

The '' Ransomware is an encryption ransomware Trojan that belongs to the Paradise family of ransomware. The Paradise Ransomware family has been active since late 2018 and carries out a typical encryption ransomware attack. The '' Ransomware, like other, similar threats, takes the victims' files hostage and then demands a ransom payment to return the files to the victim. Malware analysts have received reports of the '' Ransomware attacks being carried out on victims in Eastern Europe.

How the '' Ransomware Infects a Computer

The '' Ransomware Trojan is typically delivered to victims via corrupted spam email attachments, often files with embedded macro scripts that download and install the '' Ransomware onto the victim's computer. Once installed, the '' Ransomware uses a strong encryption algorithm to make the victim's files inaccessible, targeting user-generated files, which may include a wide variety of documents, media files, configuration data, databases, and numerous others. The '' Ransomware encrypts the files and marks them with the file extension '__{}.p3rf0rm4,' which is added to each file's name. The types of files that threats like the '' Ransomware target in these kinds of attacks include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The '' Ransomware delivers its ransom note when the victim's files are compromised. This ransom note takes the form of a text file named 'Instructions with your files.txt,' which instructs the victim to contact the attackers via email. The victims will generally be asked to pay a large ransom via Bitcoin in exchange for the decryption software they will need to restore the affected data. Computer users should disregard the '' Ransomware's message and avoid paying this ransom or contacting the criminals responsible for the attack.
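The two file-system indicators described above (the '.p3rf0rm4' extension and the 'Instructions with your files.txt' note) are enough to scope the damage on a host or file share. The following triage script is an added example, not code from this page's author or any vendor tool; the function names are hypothetical, and it assumes the modification time of a marked file reflects when it was encrypted, which helps pick a backup that predates the attack.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_SUFFIX = ".p3rf0rm4"                    # extension named on this page
RANSOM_NOTE = "instructions with your files.txt"  # note name, lower-cased


def triage(root):
    """Walk root; collect marked files, ransom notes and the earliest mtime."""
    encrypted, notes, per_dir = [], [], Counter()
    earliest = None
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            full = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == RANSOM_NOTE:
                notes.append(full)
            elif lower.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(full)
                per_dir[dirpath] += 1
                try:
                    mtime = os.stat(full).st_mtime
                except OSError:
                    continue  # file vanished or unreadable; still counted
                if earliest is None or mtime < earliest:
                    earliest = mtime
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "per_dir": per_dir, "earliest": earliest}


def report(result):
    """Render a short text summary for the incident ticket."""
    lines = [f"marked files: {len(result['encrypted'])}",
             f"ransom notes: {len(result['notes'])}"]
    if result["earliest"] is not None:
        ts = datetime.fromtimestamp(result["earliest"], tz=timezone.utc)
        lines.append(f"earliest marked file written: {ts.isoformat()}")
        lines.append("restore from a backup taken before that time")
    for directory, count in result["per_dir"].most_common(5):
        lines.append(f"{count:6d}  {directory}")  # worst-hit directories
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

Run it against a mounted copy of the affected volume rather than the live system, so the scan itself does not alter timestamps needed for the investigation.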

Dealing with the '' Ransomware

Unfortunately, once a Trojan like the '' Ransomware has encrypted the files, they will no longer be recoverable. This is why computer users should take steps to ensure that their data is safe from this and other, similar threats. The best protection against threats like the '' Ransomware is to have the means to restore the data without having to contact the criminals, which is why file backups stored in a safe location matter most. Apart from file backups, a trusted security program that is fully up to date can be used to intercept the '' Ransomware before it causes damage to the victim's data. Combining security software with file backups is generally the best protection against even the strongest encryption ransomware Trojans.

