Cyber crooks are not taking days off in 2020, and malware researchers have already begun spotting new ransomware threats lurking the Web. Among the newest uncovered file-locking Trojans is the Pashka Ransomware. There are no indications of this threat being a variant of an already existing data-encrypting Trojan, yet. There is a possibility that the Pashka Ransomware might have been built from scratch.
Propagation and Encryption
The preferred propagation method by many Ransomware creators is spam email campaigns. The attackers would target innocent users and send them an email containing a fraudulent message. Alongside the fake message, the attackers usually attach a corrupted file that, at first glance, appears to be harmless. However, users who fall for this trickery would give the Pashka Ransomware green light to compromise their system. The Pashka Ransomware is likely going a very wide range of file types to ensure significant damage. Audio files, images, videos, documents, archives, spreadsheets, databases, and countless other file types will be locked by the Pashka Ransomware inevitably. Once the Pashka Ransomware applies its encryption algorithm and locks a targeted file, its name will be altered because this threat appends a ‘.pashka’ extension to the affected files names. For example, an audio file that was named ‘wool-and-silk.mp3’ will be renamed to ‘wool-and-silk.mp3.pashka’ after the encryption process has been completed.
The Ransom Note
The attackers’ ransom message is contained in a file named ‘HELP_ME_RECOVER_MY_FILES.txt.’ The file in question is dropped on the user’s desktop. In the ransom message, the authors of the Pashka Ransomware state that they demand 0.03 Bitcoin (approximately $250 at the time of typing this post) in exchange for a decryption tool that is supposed to help users recover their data. The attackers provide their Bitcoin wallet address. There is an email address announced as a means of communication – ‘firstname.lastname@example.org.’
It is not a good idea to contact the creators of the Pashka Ransomware, let alone pay the ransom fee. Usually, cyber crooks do not keep their word, and it is highly likely that you will not be provided with the decryption key you need, even if you pay the fee. This is why it is certainly worth it to look into installing a legitimate anti-virus software suite. A reputable security tool will help you rid your system of the Pashka Ransomware and make sure to keep it safe from such threats in the future.