The Pandora Ransomware threat can devastate the computers it manages to infect. It does so by running an encryption routine that targets numerous file types and leaves them both inaccessible and unusable. The threat was first discovered by cybersecurity researchers. Pandora is not a new ransomware strain, however; it is most likely an attempt to rebrand the previously identified Rook Ransomware.
As part of its intrusive actions, the threat also modifies the names of the files it locks. More specifically, victims will notice that their files now have the '.pandora' file extension as part of their original names. In addition, users will find a text file that the threat has created on the compromised system. This file, named 'Restore My Files.txt', delivers the ransom note with instructions from the hackers.
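The two artifacts described above, the '.pandora' extension and the 'Restore My Files.txt' note, are enough to scope which directories were reached during incident response. The following Python triage script is an added example, not part of the original write-up; the function names are hypothetical, it assumes the extension sits at the end of the file name and matches case-insensitively, and the sample tree is constructed for the demonstration.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article text above.
LOCKED_EXT = ".pandora"
NOTE_NAME = "restore my files.txt"


def scan_tree(root):
    """Walk root and report files matching the two indicators.

    Returns (locked, notes, per_dir): sorted path lists and a Counter of
    locked files per directory, which shows where encryption reached.
    """
    locked, notes, per_dir = [], [], Counter()
    # Unreadable directories are skipped instead of aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            path = os.path.join(dirpath, name)
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(LOCKED_EXT):
                locked.append(path)
                per_dir[dirpath] += 1
    return sorted(locked), sorted(notes), per_dir


def original_name(path):
    """Assumption: the extension was appended, so stripping it restores the name."""
    base = os.path.basename(path)
    return base[: -len(LOCKED_EXT)] if base.lower().endswith(LOCKED_EXT) else base


def build_sample(root):
    """Constructed sample tree (empty files, made up for this example)."""
    for rel in ("docs/report.docx.pandora", "docs/Restore My Files.txt",
                "docs/untouched.txt", "db/sales.sql.PANDORA"):
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        locked, notes, per_dir = scan_tree(tmp)
        print(len(locked), "locked files;", len(notes), "ransom notes")
        for d, n in sorted(per_dir.items()):
            print(f"  {n:4d}  {d}")
```

The per-directory counts give a quick map of affected shares, and the recovered original names can be compared against backup inventories.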
Ransom Note's Details
According to the message, the Pandora Ransomware uses the RSA-2048 cryptographic algorithm to encrypt its victims' files. The ransom note also reveals that the attackers are running a double-extortion scheme by exfiltrating confidential and private data from the breached systems. The collected information can be reviewed on a dedicated website accessible through the TOR web browser.
Although the ransom note doesn't reveal the exact amount that the attackers demand, it does state that users who establish contact early will receive preferential terms. The cybercriminals leave a single email address, 'firstname.lastname@example.org', as the sole way to reach them. Pandora Ransomware's victims are allowed to attach up to 3 encrypted files to be unlocked for free. If the affected users refuse to pay the ransom, their data will be released to the public.
The entire message left by the Pandora Ransomware is:
'### What happened?
#### !!!Your files are encrypted!!!
*All your files are protected by strong encryption with RSA-2048.*
*There is no public decryption software.*
*We have successfully stolen your confidential document data, finances, emails, employee information, customers, research and development products...*
#### What is the price?
*The price depends on how fast you can write to us.*
*After payment, we will send you the decryption tool which will decrypt all your files.*
#### What should I do?
*There is only one way to get your files back -->>Contact us, pay and get decryption software.*
*If you decline payment, we will share your data files with the world.*
*You can browse your data breach here:
(you should download and install TOR browser first hxxps://torproject.org)
#### !!!Decryption Guaranteed!!!
*Free decryption As a guarantee, you can send us up to 3 free decrypted files before payment.*
#### !!!Contact us!!!
*Do not attempt to decrypt your data using third-party software, this may result in permanent data loss.*
*Decrypting your files with the help of a third party may result in a price increase (they charge us a fee), or you may fall victim to a scam.*
*Don't try to delete programs or run antivirus tools. It won't work.*
*Attempting to self-decrypt the file will result in the loss of your data.*'