
Pay2Decrypt Ransomware

By CagedTech in Ransomware

The Pay2Decrypt threat is used in attacks that leave the victim's files and data in an unusable state. As is typically the case with ransomware infections, the threat actors are financially motivated and their aim is to extort the affected users for money. The strength of the utilized cryptographic algorithm makes the restoration of the locked files without the necessary decryption keys nearly impossible. Victims who do not have a suitable backup of the impacted data are left with few options.

While it is active, the Pay2Decrypt Ransomware will continue to scan the system for files belonging to the targeted file types and encrypt them. Each locked file will have a new file extension appended to its original name. Users will notice that most of their files now carry '.PAY2DECRYPT' followed by a lengthy character string as part of their names. A peculiar characteristic of the threat emerges when it tries to deliver its ransom note: the malware will create a hundred text files on the desktop of the breached devices. The contents of these files are identical, while their names go from 'Pay2Decrypt1.txt' to 'Pay2Decrypt100.txt'.
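
The file-system indicators described above (the numbered ransom notes and the '.PAY2DECRYPT' name suffix) can be checked with a short triage script. This is an added example, not part of the original entry; the function names, the alert threshold and the sample files are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Indicators taken from the description above. The layout of the string that
# follows '.PAY2DECRYPT' is not documented there, so any suffix is accepted (assumption).
NOTE_RE = re.compile(r"^Pay2Decrypt(\d{1,3})\.txt$")
LOCKED_RE = re.compile(r"\.PAY2DECRYPT.+$")


def scan(root, note_threshold=10):
    """Walk root and report Pay2Decrypt artefacts (hypothetical helper)."""
    notes, digests, locked = [], set(), []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        m = NOTE_RE.match(path.name)
        if m and 1 <= int(m.group(1)) <= 100:
            notes.append(path)
            digests.add(hashlib.sha256(path.read_bytes()).hexdigest())
        elif LOCKED_RE.search(path.name):
            locked.append(path)
    return {
        "note_count": len(notes),
        # All note copies are described as identical, so one digest is expected.
        "notes_identical": len(digests) == 1,
        "locked_files": sorted(p.name for p in locked),
        # Alert on a burst of numbered notes, or on any renamed file.
        "alert": len(notes) >= note_threshold or bool(locked),
    }


def demo():
    """Build a constructed sample tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        desktop = Path(tmp, "Desktop")
        desktop.mkdir()
        for i in range(1, 101):  # constructed note copies
            (desktop / f"Pay2Decrypt{i}.txt").write_text("constructed note text")
        # Constructed file names; the suffix string is a made-up placeholder.
        (desktop / "report.docx.PAY2DECRYPTexamplesuffix0001").write_bytes(b"\x00")
        (desktop / "notes.txt").write_text("untouched")
        (desktop / "Pay2Decrypt101.txt").write_text("out of range, ignored")
        return scan(tmp)


if __name__ == "__main__":
    print(demo())
```

Pointing `scan()` at a user profile or file share gives a quick count of affected files to scope the incident before restoring from backup.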

According to the text of the ransom-demanding messages, the ransom that victims may need to pay could range from 0.0002 to as much as 0.2 BTC (Bitcoin). At the current exchange rate of the cryptocurrency, this amounts to between approximately $6 and nearly $6000. To receive the crypto-wallet address to which the funds must be transferred, victims are instructed to contact the 'P2DqZHMg28A265z@postheo.de' and 'P2DoTJ6L16H1q7a@mail.a1.wtf' email addresses.

The full text of the ransom note is:

'Ooops! Your files was been encrypted!!!!!!.
You can recover your files securely with our decryptor.
Send us an email to P2DqZHMg28A265z@postheo.de (or to P2DoTJ6L16H1q7a@mail.a1.wtf) to recover your files
Ask for Hynn and he will send his wallet (thank you Hynn) and the pay amount, this may vary from 0.0002 to 0.2 BTC
Hynn will rate your case (being friendly increases your chance to send you the decryptor free!) and
then he will send you more information.

You need to send your ID to send you the correct personalized decryptor.

ID:'
