Pagar Ransomware

Pagar Ransomware Description

The Pagar Ransomware is designed specifically to encrypt the files on the devices it manages to infect. Afterward, the threat actors extort their victims for money, promising to send the required decryption tool only after the demanded ransom has been paid. This behavior is typical of almost all ransomware-type threats.

During its encryption process, the Pagar Ransomware appends a new file extension to the original name of each targeted file. In this case, the extension is an email address under the control of the hackers: 'pagar40br@gmail.com'. A file with instructions for the victims is then created on the compromised system. It is a text file named 'Urgent Notice.txt'.
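
The two indicators above are enough for a read-only triage sweep of a mounted volume or file share. The following is an added example, not code from the original write-up; the function names are hypothetical, and the separator placed between the original file name and the appended address is an assumption, since the description does not state it.

```python
import os
import sys
from collections import Counter

# Indicators taken from the description above.
MARKER = "pagar40br@gmail.com"   # appended to the names of encrypted files
NOTE_NAME = "Urgent Notice.txt"  # ransom note file name

def original_name(name):
    """Return the pre-encryption file name, or None if `name` lacks the marker."""
    if not name.lower().endswith(MARKER):
        return None
    stem = name[: -len(MARKER)]
    # Assumption: a single separator ('.', '_' or '-') precedes the marker.
    if stem and stem[-1] in "._-":
        stem = stem[:-1]
    return stem or None          # a file named only after the marker is ignored

def scan(root):
    """Walk `root` without modifying anything and collect both indicators."""
    notes, encrypted, per_dir = [], [], Counter()
    # Unreadable directories are skipped rather than aborting the sweep.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME.lower():
                notes.append(full)
                continue
            orig = original_name(name)
            if orig is not None:
                encrypted.append((full, orig))
                per_dir[dirpath] += 1
    return {"notes": notes, "encrypted": encrypted, "per_dir": per_dir}

if __name__ == "__main__":
    report = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"ransom notes: {len(report['notes'])}, "
          f"renamed files: {len(report['encrypted'])}")
    # Directories with the most renamed files show where to check backups first.
    for directory, count in report["per_dir"].most_common(10):
        print(f"{count:6d}  {directory}")
```

The recovered original names can be compared against a backup catalogue to scope what needs restoring.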

Ransom Note's Overview

The ransom note is extremely brief. Nonetheless, it contains all of the elements crucial to the message's objective. Victims are told that they have 72 hours to send exactly 0.035 BTC (Bitcoin) to the provided crypto-wallet address. While that amount may seem small at first glance, it is worth over $1500 at Bitcoin's current exchange rate. After making the payment, victims are told to send proof, together with the unique code also found in the ransom message, to the same 'pagar40br@gmail.com' email address.

The full ransom note is:

'Your files have been encrypted
You have 72 hours to transfer 0.035 BTC to wallet:
Once paid, send your wallet address and the following ID to: pagar40br@gmail.com
and tell us your unique ID:
'