Threat Database Ransomware Paycrypt Ransomware

Paycrypt Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 18,692
Threat Level: 20 % (Normal)
Infected Computers: 23
First Seen: April 19, 2016
Last Seen: September 12, 2022
OS(es) Affected: Windows

The Paycrypt Ransomware is a ransomware Trojan. PC security analysts advocate computer users taking steps to ensure that their computers are not vulnerable to these kinds of threats, such as using a reliable security program that is fully up-to-date and avoid unsolicited email attachments and other common sources of infections. The Paycrypt Ransomware and similar threats may be distributed through the use of corrupted email attachments that are designed to execute harmful code on the victim's computer when opened. If your machine has become infected by the Paycrypt Ransomware, malware analysts recommend taking steps to find out if there is a decryption utility that will work with your files. If this is not the case, then your best possible recourse should be to restore your files from a back-up after wiping your hard drive.

The Paycrypt Ransomware Attack can Compromise a Big Deal of Files

The Paycrypt Ransomware may spread through social engineering techniques, typically targeted email messages that are designed to tempt inexperienced computer users into opening corrupted email attachments included in the message. Once the Paycrypt Ransomware is inside an infected machine, it searches for files on the victim's computer that match its list of targeted extensions. The Paycrypt Ransomware uses the RSA encryption to encrypt the victim's files, making the decryption key inaccessible. File extensions that may be targeted by the Paycrypt Ransomware Trojan include:

.3dm, .3ds, .3fr, .3g2, .3gp, .3pr, .7z, .ab4, .accdb, .accde, .accdr, .accdt, .ach, .acr, .act, .adb, .ads, .agdl, .ai, .ait, .al, .apj, .arw, .asf, .asm, .asp, .aspx, .asx, .avi, .awg, .back, .backup, .backupdb, .bak, .bank, .bay, .bdb, .bgt, .bik, .bkf, .bkp, .blend, .bpw, .c, .cdf, .cdr, .cdr3, .cdr4, .cdr5, .cdr6, .cdrw, .cdx, .ce1, .ce2, .cer, .cfp, .cgm, .cib, .class, .cls, .cmt, .cpi, .cpp, .cr2, .craw, .crt, .crw, .cs, .csh, .csl, .csv, .dac, .db, .db-journal, .db3, .dbf, .dbx, .dc2, .dcr, .dcs, .ddd, .ddoc, .ddrw, .dds, .der, .des, .design, .dgc, .djvu, .dng, .doc, .docm, .docx, .dot, .dotm, .dotx, .drf, .drw, .dtd, .dwg, .dxb, .dxf, .dxg, .eml, .eps, .erbsql, .erf, .exf, .fdb, .ffd, .fff, .fh, .fhd, .fla, .flac, .flv, .fmb, .fpx, .fxg, .gray, .grey, .gry, .h, .hbk, .hpp, .htm, .html, .ibank, .ibd, .ibz, .idx, .iif, .iiq, .incpas, .indd, .jar, .java, .jin, .jpe, .jpeg, .jpg, .jsp, .kbx, .kc2, .kdbx, .kdc, .key, .kpdx, .lua, .m, .m4v, .max, .mdb, .mdc, .mdf, .mef, .mfw, .mmw, .moneywell, .mos, .mov, .mp3, .mp4, .mpg, .mrw, .msg, .myd, .nd, .ndd, .nef, .nk2, .nop, .nrw, .ns2, .ns3, .ns4, .nsd, .nsf, .nsg, .nsh, .nwb, .nx2, .nxl, .nyf, .oab, .obj, .odb, .odc, .odf, .odg, .odm, .odp, .ods, .odt, .oil, .orf, .ost, .otg, .oth, .otp, .ots, .ott, .p12, .p7b, .p7c, .pab, .pages, .pas, .pat, .pbl, .pcd, .pct, .pdb, .pdd, .pdf, .pef, .pem, .pfx, .php, .php5, .phtml, .pl, .plc, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prf, .ps, .psafe3, .psd, .pspimage, .pst, .ptx, .py, .qba, .qbb, .qbm, .qbr, .qbw, .qbx, .qby, .r3d, .raf, .rar,, .rat, .raw, .rdb, .rm, .rtf, .rw2, .rwl, .rwz, .s3db, .sas7bdat, .say, .sd0, .sda, .sdf, .sldm, .sldx, .sql, .sqlite, .sqlite3, .sqlitedb, .sr2, .srf, .srt, .srw, .st4, .st5, .st6, .st7, .st8, .std, .sti, .stw, .stx, .svg, .swf, .sxc, .sxd, .sxg, .sxi, .sxi, .sxm, .sxw, .tex, .tga, .thm, .tib, .tif, .tlg, .txt, .vob, .wallet, .war, .wav, .wb2, .wmv, .wpd, .wps, .x11, .x3f, .xis, .xla, .xlam, .xlk, .xlm, .xlr, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .ycbcra, .yuv, .zip.

After infecting the victim's computer, the Paycrypt Ransomware demands the payment of a ransom, usually through BitCoins and using an anonymous method such as the TOR browser to carry out payment. Unfortunately, if the victim's files have been encrypted, it may not be possible to decrypt them currently without the decryption key. However, PC security researchers release decryption utilities for different ransomware Trojans every day, and in many cases, ransomware Trojans are not the threats they claim to be and are easier to deal with. Because of this, it is worth to try a known decryption utility associated with a legitimate PC security firm.


Most Viewed