
Payerranso Ransomware

By GoldSparrow in Ransomware

The Payerranso Ransomware is a textbook example of a generic encryption Trojan. It infiltrates computers through spam emails that direct users to open an attached document. The emails associated with the Payerranso Ransomware may appear to come from payment processing services and online stores that have charged your credit card. As you may expect, most users will not be thrilled about an unauthorized charge and will be likely to open the attached document for more details. That is the first step of the attack: making the user open the weaponized document. Next, the user is shown a warning that macros must be enabled or the document will not be displayed properly. This prompt is your last chance to prevent the Payerranso Ransomware from entering your PC.

Many users may not suspect that, by enabling a simple macro script, they are about to download an encryption Trojan onto their PCs. Unfortunately, the Payerranso Ransomware uses potent encryption technology to lock data on your device, delete its files and leave you a ransom note before you can realize what happened. Threats like the Payerranso Ransomware go for your text files, images, databases, spreadsheets and small multimedia files. The Trojan appends the '.payerranso' extension to filenames, so something like 'HudsonAlpha Institute for Biotechnology.txt' is renamed to 'HudsonAlpha Institute for Biotechnology.txt.payerranso'. The ransom note is saved on the desktop as 'Message_Important.txt' and says:

's'il vous plait veuillez contacter cette adresse email : guillaumecoudert2@gmail.com ou guillaumecoudert@yahoo.fr

il s'agit de vous aider à décrypter vos fichiers avec la clé et le programme de décryptage
please contact this email : guillaumecoudert2@gmail.com ou guillaumecoudert@yahoo.fr
it is to help you to decrypt your files'

Also, users may notice that their desktop background is changed to a white image with the following red text on top:

'All your files are encrypted with RSA-2048 and AES-128 ciphers.
Decryption is only possible using a private key and a decryption program,
Which are on our secret server; we advise you to contact this email address:
We are only ones who can decrypt your files with the password and this decryption program'

The text shown above is provided in French too. The people behind the Payerranso Ransomware may aim to distribute their product to users in Western Europe and may use fake news articles on social events to lure users into downloading the threat payload. You should avoid spam emails and questionable advertisements that open insecure Web pages. Do not write to 'guillaumecoudert2@gmail.com' or 'guillaumecoudert@yahoo.fr', because the cybercriminals behind the Payerranso Ransomware are not to be trusted and you may be tricked. Paying money to the criminals would only secure the release of a new crypto-threat in the future. It is safer to restore your data from backups and clean the compromised PC using a trusted security instrument.
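To scope a restore from backups, the indicators described above (the appended '.payerranso' extension, the 'Message_Important.txt' note and its two contact addresses) can be swept for on disk. The following Python triage script is an added example, not part of the original article; the function names, the case-insensitive matching and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Indicators taken from the article text above.
ENCRYPTED_SUFFIX = ".payerranso"
NOTE_NAME = "Message_Important.txt"
CONTACTS = ("guillaumecoudert2@gmail.com", "guillaumecoudert@yahoo.fr")


def triage(root):
    """Walk root; report files carrying the appended suffix and any ransom notes."""
    report = {"encrypted": {}, "notes": [], "dirs": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # Suffix is appended (per the article); case-insensitive match is an assumption.
                report["encrypted"][path] = name[: -len(ENCRYPTED_SUFFIX)]
                report["dirs"].add(dirpath)
            elif lower == NOTE_NAME.lower():
                try:
                    with open(path, "r", encoding="utf-8", errors="replace") as fh:
                        text = fh.read(65536).lower()
                except OSError:
                    text = ""  # an unreadable note still counts as a filename match
                report["notes"].append((path, [c for c in CONTACTS if c in text]))
    return report


def build_sample(root):
    """Constructed sample tree for the demo; not real victim data."""
    docs = os.path.join(root, "Documents")
    desk = os.path.join(root, "Desktop")
    os.makedirs(docs)
    os.makedirs(desk)
    for n in ("report.txt.payerranso", "photo.JPG.PAYERRANSO", "untouched.txt"):
        open(os.path.join(docs, n), "wb").close()
    with open(os.path.join(desk, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("please contact this email : guillaumecoudert2@gmail.com\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample(tmp))
        for path, original in sorted(result["encrypted"].items()):
            print("encrypted:", path, "-> original name", original)
        for path, hits in result["notes"]:
            print("ransom note:", path, "contacts found:", hits)
```

The `dirs` set lists the folders that hold renamed files, which is the list to compare against backup coverage before cleaning the machine.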
