FakeParadise Ransomware

New strains of ransomware are produced and compiled on a regular basis, and it is only logical that security researchers monitor those new versions. Somewhat surprisingly, ransomware named FakeParadise made the top 10 of ransom infections for the month of October 2019, according to statistics.

FakeParadise is a relatively new ransomware variant. The threat demands payment to be made in Bitcoin and asks for a sum that amounts to over 10,000 Chinese Yuan. The ransomware produces a ransom note named "---==%$$$OPEN_ME_UP$$$==---.txt" and files scrambled by FakeParadise have their original extensions changed. The ransomware appends either "_Kim ChinIm_ {ID string}.sev" or "_Support_{ID string}.FC" after the original file's extension. The infections reported have been primarily focused in China.

It's easy to assume that FakeParadise is a new variant of the Paradise ransomware - an older threat, but researchers discovered that FakeParadise both used C++ instead of C# and a different encryption method. Additionally, FakeParadise uses a different approach when it tried to delete volume shadow copies. Many versions of Paradise simply disable the shadow copy service without deleting the actual copies.

Victims of the FakeParadise ransomware might try the free Paradise ransomware decryption tool that has been released online. There is no guarantee that it will work, but it is still worth looking into.