
P4YME Screenlocker

By GoldSparrow in Malware

The P4YME Screenlocker, also known in the infosec community as SSHBOT, is a piece of malware designed to lock the infected device, thus preventing users from starting any programs, accessing the desktop screen or using any files. While it may be scary at first, victims of the P4YME Screenlocker should remain calm as the threat is nowhere near as threatening as some of the ransomware variants that are being spread on the Web. The reason is quite simple - despite its claims, P4YME Screenlocker doesn't tamper with the files stored on the system.

Upon being executed, this malware threat locks the system and generates a pop-up window with a message from the hackers. They demand the sum of €75 from their victims in exchange for the password required to free the locked device. A Telegram account, @perry44, is provided for contact. The criminals try to further scare the affected users by threatening to delete the Windows OS of the infected computer if they are not paid within 30 minutes.

When dealing with a screenlocker malware threat, users should remember that there is absolutely no need even to contact the hackers. Instead, using legitimate anti-malware software should be enough to clean the affected system and restore access to the previously locked files and programs.

The full text of the note displayed by P4YME Screenlocker is as follows:

'PC/Laptop is locked.
Pay me €75 to get the password.
Add me on Telegram. (@perry44)
If you dont pay. Windows will be deleted.'

The fact is that P4YME isn’t able to cause long-term problems for your computer. All the software does is terminate the “explorer.exe” process in Windows and then show a screen overlay that suggests the PC has been locked. The message includes an address for the messaging app Telegram. Victims are told to contact @perry44 within 30 minutes to purchase their passwords. The message doesn’t say what will happen if the victim doesn’t respond within half an hour.

How Does P4YME Get on Computers?

Victims are most likely to come across the screenlocker if they use pirated media and games. These kinds of cyberthreats are spread through torrents. Unfortunately, avoiding compromised files isn’t enough to stay clear of threats like this.

P4YME also spreads through other standard infection methods, such as malspam campaigns and trojan viruses. Malspam campaigns see an attacker send out a mass of emails with compromised attachments and links. If even one person interacts with the message, then their computer is infected with the screenlocker. The emails are designed to appear as if they come from legitimate sources to better trick readers.

Trojan viruses have the potential to cause a lot of damage to systems. These simple but effective programs have an easier time infecting computers because they are so discreet. Once on a system, they can download and install other malware and ransomware, creating dangerous chain infections. The result is that one problem quickly explodes into multiple issues.

What to do if Your Computer Gets P4YME

Don’t worry too much if you notice the screenlocker on your computer. You don’t need to interact with the attacker in order to do something about the problem. You don’t need their password to get your PC back in good working order. Instead, press Control, Alt, and Delete at the same time to bring up the Task Manager. The Task Manager lets you restart the Explorer process to bring back File Explorer. With Explorer open, you can then download and use an antivirus program to get rid of the infection.

If you’re having trouble with Task Manager for some reason, another method to try is starting the computer in Safe Mode. Safe Mode will make it easier for you to access anti-malware programs to deal with the infection. You may need to use Safe Mode With Networking if you have to download a program to use.
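The recovery steps above can also be scripted. The following PowerShell is an added example, not part of the original article: it restarts explorer.exe if it has been terminated and lists recently started windowed processes outside the Windows directory as candidates for the overlay. It assumes a PowerShell window opened from Task Manager's "Run new task" option; the 60-minute lookback is an arbitrary choice.

```powershell
# Added triage example (not from the original article).
# Assumption: run in a PowerShell window opened via Task Manager > Run new task.
$LookbackMinutes = 60   # assumed window; widen it if the lock screen is older

# 1. Restore the desktop shell if explorer.exe has been terminated.
if (-not (Get-Process -Name explorer -ErrorAction SilentlyContinue)) {
    Write-Host 'explorer.exe is not running; starting it.'
    Start-Process -FilePath (Join-Path $env:WINDIR 'explorer.exe')
}

# 2. List recently started processes that own a top-level window and do not
#    live under the Windows directory. The lock overlay is such a window.
$cutoff = (Get-Date).AddMinutes(-$LookbackMinutes)
$candidates = foreach ($p in Get-Process) {
    if ($p.MainWindowHandle -eq [IntPtr]::Zero) { continue }   # no visible window

    # StartTime and Path can be unreadable for protected processes; skip those.
    try { $started = $p.StartTime; $path = $p.Path } catch { continue }
    if (-not $started -or -not $path) { continue }
    if ($started -lt $cutoff) { continue }
    if ($path.StartsWith($env:WINDIR, [StringComparison]::OrdinalIgnoreCase)) { continue }

    # An unsigned binary in a user-writable folder deserves a closer look.
    $sig = Get-AuthenticodeSignature -FilePath $path
    [pscustomobject]@{
        ProcessId   = $p.Id
        Name        = $p.ProcessName
        Started     = $started
        WindowTitle = $p.MainWindowTitle
        Signature   = $sig.Status
        Path        = $path
    }
}

# 3. Show the newest candidates first for review.
$candidates | Sort-Object Started -Descending | Format-Table -AutoSize -Wrap
```

The script only reports; the listed paths are starting points for the anti-malware scan described above.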

How to Avoid Ransomware Infections

There are several steps you can take to protect your computer from infection. The first thing to do is to avoid downloading software from unofficial sites and pages. Avoid using free file-hosting sites and third-party installers as much as possible. You should only download software from the official source.

Another step to take is to avoid interacting with spam emails. These emails almost definitely have some kind of infectious attachment or link included. It’s best to avoid spam altogether and just delete it instead of running the risk of being infected.

Last but not least, make sure to keep the programs on your computer updated. Software updates patch out issues that let computer viruses in. Using official sources to keep your software updated is one of the best things you can do for your computer. The operating system, in particular, requires regular updates. Ignoring all those Windows update requests can come back to bite you if you aren’t careful!

