Pay Ransomware

Cybersecurity researchers have uncovered another harmful ransomware threat. Named the Pay Ransomware, it belongs to the Xorist Ransomware family, retains that family's potent capabilities, and can cause significant damage to the systems it infects. By running an encryption routine with a military-grade cryptographic algorithm, the Pay Ransomware can render a wide range of file types completely unusable. The attackers then extort the victim by holding the encrypted data hostage.

Whenever the Pay Ransomware processes a file, it also changes that file's original name by appending '.Pay' as a new extension. Afterward, the malware delivers its ransom-demanding message. To make sure that affected users see the attackers' instructions, the threat generates a text file named 'HOW TO DECRYPT FILES.txt' and also displays the same instructions in a pop-up window.
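For responders scoping an infection, the two file-system indicators described above (the appended '.Pay' extension and the 'HOW TO DECRYPT FILES.txt' note) can be swept for per directory. The following is an added example, not code from the original article; the case-insensitive matching, the double-extension heuristic, and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".pay"                  # extension the page says is appended
NOTE_NAME = "how to decrypt files.txt"  # ransom note name given on the page


def triage(root):
    """Map each directory under root to the indicators found in it."""
    hits = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # assumption: match case-insensitively
            if lower == NOTE_NAME:
                hits[dirpath]["note"] = True
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                original = name[:-len(ENCRYPTED_EXT)]  # name before the append
                # An appended extension leaves the old one in place
                # (report.docx.Pay); a lone ".pay" file is a weaker signal.
                appended = os.path.splitext(original)[1] != ""
                hits[dirpath]["encrypted"].append((name, original, appended))
    return dict(hits)


def summarize(hits):
    """Return (appended_count, weak_count, dirs_with_note_and_appended)."""
    appended = sum(a for h in hits.values() for _, _, a in h["encrypted"])
    weak = sum(not a for h in hits.values() for _, _, a in h["encrypted"])
    strong = sorted(d for d, h in hits.items()
                    if h["note"] and any(a for _, _, a in h["encrypted"]))
    return appended, weak, strong


def build_sample(root):
    """Create a constructed sample tree (not from a real incident)."""
    layout = {
        "docs": ["report.docx.Pay", "budget.xlsx.Pay", "HOW TO DECRYPT FILES.txt"],
        "finance": ["march.pay", "notes.txt"],  # pre-existing .pay file
        "photos": ["cat.jpg"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for n in names:
            open(os.path.join(root, sub, n), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(summarize(triage(tmp)))
```

Directories that contain both the note and files with an appended extension are the strongest signal; the recovered original names give a list to check against backups.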

Demands Overview

The ransom note shown in the pop-up window and the one contained in the text file are identical. According to the message, the threat actors behind the Pay Ransomware want to receive a ransom of exactly $50. However, they will only accept payments in Bitcoin, with the funds having to be transferred to the crypto-wallet address provided in the note. After making the payment, victims have to download the qTox chat client, supposedly to receive from the attackers the decryption key needed to restore their data. The note warns that victims have only 5 tries to enter the correct code, and that exceeding this limit will apparently destroy all of the locked data.

The full text of the ransom-demanding note is:

'Attention! All your files are encrypted!
To restore your files and access them,
Send us 50 USD worth in Bitcoin to this adress

(?? Bitcoin adress ??)

You have 5 attempts to enter the code.
When that number has been exceeded,
all the data irreversibly is destroyed.
Be careful when you enter the code.

As soon you send us the payment will you review the code from the qTox client that you need to download so we can send you the decryption code (Read more what the qTox client is below)

If you wanna get it touch with us can you download the open sourse project qTox and add me on this ID (You need to conntact us to get your code after the payment)
9F15A8EE857F37F03C77A7723D50C47BBCA37 60997A993AB20D7D2A68C59F43D5EFD8AAD77B7

Obs: No antiviruses can help you here they will only remove the client that start this and delete every chance to decrypt your files, Good luck!'