Payment Ransomware

Threat Scorecard

Ranking: 6,853
Threat Level: 20 % (Normal)
Infected Computers: 819
First Seen: June 1, 2022
Last Seen: September 18, 2023
OS(es) Affected: Windows

The Payment Ransomware is an encryption ransomware Trojan that was first observed on December 2, 2017. The Payment Ransomware is clearly still under development, and several samples have not been capable of encrypting the victims' files. However, samples capable of carrying out a full ransomware attack are likely to appear as a campaign to distribute the Payment Ransomware through spam email attachments gets underway. Security experts advise computer users to take steps to protect their data from threats like the Payment Ransomware. These threats take the victims' files hostage by encrypting them with a strong encryption algorithm (or, in the case of the Payment Ransomware, just pretending to encrypt them) and then demand the payment of a ransom in exchange for the decryption key needed to restore the affected files.

The Payment that may not Bring Anything in Return

The Payment Ransomware delivers a ransom note in Spanish, making it clear that computer users in Spanish-speaking regions are the intended targets of the attack. According to the ransom note, the victim's files are encrypted using a combination of AES and RSA encryption, and a ransom of several hundred US dollars must be paid to recover from the attack. The Payment Ransomware demands its ransom in Bitcoins, due to the anonymous nature of this cryptocurrency, although its confusingly worded message also mentions the possibility of a bank deposit. It is important to refrain from following the Payment Ransomware's instructions or contacting the criminals responsible for this attack.

The Payment Ransomware delivers its ransom note in a program window named 'Payment' that contains the following message written in Spanish:

'¡TODOS TUS DATOS HAN SIDO ENCRIPTADOS!
¡NO REINICIES EL SISTEMA O NO PODRÁS RECUPERARLOS!
¡CUALQUIER MOVIMIENTO QUE LLEVES A CABO PODRÍA
SUPONER LA PÉRDIDA TOTAL DE TUS DATOS!
----------------------------------------
SITUACIÓN ACTUAL
----------------------------------------
Lamentablemente has sido víctima de un *Ransomware*; un malware (virus) que priva, de forma absoluta, al usuario del acceso a la información contenida en las unidades de almacenamiento conectadas al sistema; esto significa:
*Documentos*, *Imágenes*, *Vídeos*.... ENCRIPTADOS (INSERVIBLES) por medio de un código de cifrado que únicamente el desarrollador del malware conoce, siendo, por ende, el único capáz de restaurar los archivos a su estado original.
Se solicita a la víctima un ingreso en BitCoins (Moneda no rastreable) vía internet a cambio del código de cifrado, necesario para la recuperación de sus datos.'

Below is a translation to English of the Payment Ransomware ransom note:

'ALL YOUR DATA HAS BEEN ENCRYPTED!
DO NOT RESTART THE SYSTEM OR YOU WILL NOT BE ABLE TO RECOVER IT!
ANY ACTION YOU TAKE COULD
RESULT IN THE TOTAL LOSS OF YOUR DATA!
----------------------------------------
CURRENT SITUATION
----------------------------------------
Unfortunately, you have been the victim of *Ransomware*: malware (a virus) that completely deprives the user of access to the information contained in the storage drives connected to the system; this means:
*Documents*, *Images*, *Videos*.... ENCRYPTED (UNUSABLE) by means of an encryption code that only the malware's developer knows, who is therefore the only one able to restore the files to their original state.
The victim is asked to make a deposit in BitCoins (untraceable currency) over the internet in exchange for the encryption code needed to recover their data.'

The ransom note continues to provide more detail on the payment method.

Recovering from the Payment Ransomware

If you have file backups in the cloud or on an external memory device, then recovering from this attack is relatively simple. Because of this, having file backups remains the best way to protect your data from this and other encryption ransomware Trojans. Combined with a reliable security program that is fully up to date, backups can help most computer users recover from an attack without losing their data or their money.
