Payfast Ransomware

Payfast Ransomware Description

Payfast is a potent malware threat classified as ransomware. As such, its goal is to infiltrate the targeted computers and then lock the files stored there via a strong encryption process. Affected users will lose their access to a large set of file types that includes documents, PDFs, archives, databases, etc. The locked data will then play the role of a hostage with the cybercriminals demanding to be paid to help their victims restore their files. Functionally, the Payfast Ransomware appears to be a variant based on the ZEPPELIN Ransomware.

As most threats of this type, Payfast also marks each file it has encrypted. It does so by appending '.payfast' followed by a specific ID number assigned to the victim to the original names of the affected files. When the threat finishes its encryption routine, the next step involves delivering the instruction from the hackers. This ransom note will be dropped on the Desktop of the compromised system as a text file named '!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT.'

Payfast Ransomware's Demands

The ransom message of the threat reveals that the cybercriminals responsible for unleashing it have some really specific demands. They want to receive $500exactly, paid using the Bitcoin cryptocurrency. The money must be transmitted to the provided crypto-wallet address with victims warned that the ransom price will go up the following day. The hackers promise that after getting the money, they will provide the victim with the decryption key necessary to restore the data.

To demonstrate that they do have a working key, the ransomware operators are willing to decrypt a single file for free. Users can attach the file to an email message directed towards the email address. An alternative communication channel is also provided in the note in the form of a Telegram account.

The full text of Payfast's instructions is:


All your files, documents, photos, databases and other important files are encrypted.

You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.
Only we can give you this key and only we can recover your files.

PAY FAST 500$=0.013 btc
or the price will increase tomorrow

bitcoin address


To be sure we have the decryptor and it works you can send an email: and decrypt one file for free.
But this file should be of not valuable!

Do you really want to restore your files?
TELEGRAM @payfast500

Your personal ID:

Attention!Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'