Threat Database Ransomware '' Ransomware

'' Ransomware

By GoldSparrow in Ransomware

The '' Ransomware is an encryption ransomware Trojan that was first observed on February 2, 2019. The '' Ransomware is a variant of the Paradise Ransomware and was probably created using a ransomware builder, along with many other variants. The '' Ransomware, like most encryption ransomware Trojans, is designed to take the victims' files captive so that it can demand a ransom payment to restore access to the compromised data. The '' Ransomware is delivered via corrupted spam email attachments mostly, often containing compromised embedded macro scripts that make the download and the installation of the '' Ransomware.

Some Details about the '' Ransomware Trojan

The '' Ransomware uses a strong encryption algorithm to make the victims' files inaccessible. The '' Ransomware targets the user-generated files, which may include a wide variety of file types, including media files, configuration data, databases and numerous other data containers. The following are examples of the files that are targeted by threats like the '' Ransomware:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The '' Ransomware renames the encrypted files following the pattern '[file name].id-[affiliate_id].[affiliate_email].STUB.' The '' Ransomware delivers a ransom note in the form of a program window titled '' and a text file named 'Instructions with your files.txt,' which contain the following messages for the victim:

'All your files have been encrypted contact us via the e0mail listed below.
e-mail: or e-mail:
Paradise Ransomware team.'

'All your files have been encrypted!
Paradise Ransomware
All your files have been encrypted due to a security problem wit your PC. If you want to restore them, write us to the email
Your PC id is [random characters]
Yo uhave to pay for decryption in Bitcoins. The price depends on how fast your write to us. After Payment, we will send you the decryption tool that will decrypt all your files.'

Protecting Your Data from the '' Ransomware

The best way to protect your data from threats like the '' Ransomware is to have backup copies of all of your data. The backup copies can limit the extent of the damage that can be caused by the '' Ransomware and enables computer users to recover from a '' Ransomware attack relatively quickly. Unfortunately, once the '' Ransomware has encrypted the victim's files, these cannot be recovered without the decryption key. Because of this, prevention by having file backups and a strong security program is the best way to ensure that your data does not become a hostage of a threat like the '' Ransomware.


Most Viewed