
PaySafeGen Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 20
First Seen: November 10, 2016
Last Seen: January 21, 2022
OS(es) Affected: Windows

The PaySafeGen Ransomware gets its name because this encryption ransomware Trojan demands that victims pay the ransom using PaySafeCard. This payment method was fairly common in early ransomware attacks from several years ago; modern ransomware Trojans tend to favor payments in Bitcoin. Perhaps the appearance of the PaySafeGen Ransomware indicates a trend back towards older payment methods. The PaySafeGen Ransomware is delivered through corrupted spam email attachments that disguise an executable file with a double extension.

There's Nothing Safe with the PaySafeGen Ransomware Trojan

When the victim opens the compromised file attachment, which delivers an executable file named 'Cry.exe,' the PaySafeGen Ransomware is installed on the victim's computer. The PaySafeGen Ransomware then scans all local drives and shared drives for certain file types, targeting media files, documents and databases. It encrypts these files with the AES-256 algorithm and appends the extension '.cry' to the end of each encrypted file. The ransom note is written in German; this language, together with the peculiar payment method, makes it apparent that the PaySafeGen Ransomware targets computer users in German-speaking countries in Europe. The ransom note, which is displayed as a full-screen message, contains the following text:

'!WARNUNG!
ALLE wichtigen Dateien und/oder Programme auf ihrem Computer wurden mit AES-256 verschlüsselt. Das bedeutet Sie können ihre Dateien und Programme erst wieder verwenden wenn Sie sich einen 128-Stelligen
Entschlüsslungscode für 100€ kaufen. Nachdem sich dieses Fenster geschlossen hat, finden Sie auf ihrem Desktop
eine Datei mit dem Namen „Kaufen" oder „Kaufen.exe". Geben Sie dort einen gültigen 100€-Paysafecardcode und ihre Email ein. Paysafecardcodes finden Sie in fast jeder
Tankstelle und/oder Supermärkten. Nach der Verifizierung des Codes durch uns bekommen Sie per Email den
Entschlüsslungscode zusammen mit weiteren Instruktionen, um ihre Dateien zu entschlüsseln.
FALLS INNERHALB DER NÄCHSTEN 72 STUNDEN KEINE ZAHLUNG ERFOLGT WERDEN ALLE DATEN GELÖSCHT.
Drücken Sie jetzt ENTER um auf Ihren Desktop zurückzukehren.'

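Which, when translated into English, reads as follows:

'!WARNING!
ALL important files and/or programs on your computer have been encrypted with AES-256. This means you can only use your files and programs again once you buy a 128-character decryption code for 100€. After this window has closed, you will find a file named "Kaufen" or "Kaufen.exe" on your desktop. Enter a valid 100€ Paysafecard code and your email there. You can find Paysafecard codes at almost every gas station and/or supermarket. After we have verified the code, you will receive the decryption code by email together with further instructions for decrypting your files.
IF NO PAYMENT IS MADE WITHIN THE NEXT 72 HOURS, ALL DATA WILL BE DELETED.
Now press ENTER to return to your desktop.'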

After closing this message, computer users will find a file named 'Kaufen.exe,' which is German for 'Purchase.' This file displays the following pop-up message:

'100EUR paysafecardcode:
[text box]
Email:
[textbox]
Falls der Server fuer laengere Zeit nicht erreichbar sein sollte. koennen Sie eine Email an cry_16@hmamail.com senden in der der PSC-Code zusammen mit der HWID steht.
Senden
Sie haben ihren Code bereits per Email erhalten, Klicken Sie hier um ihre Daten zu entschluesseln'

Which translated into English reads as follows:

'100EUR paysafecardcode:
[text box]
Email:
[textbox]
If the server should be unreachable for an extended period, you can send an email to cry_16@hmamail.com containing the PSC code together with the HWID.
Send
You have already received your code by email, Click here to decrypt your data'

Dealing With the PaySafeGen Ransomware

PC security analysts strongly advise computer users to refrain from paying the PaySafeGen Ransomware ransom. There is no guarantee that these people will help computer users recover their data, and it is equally likely that they will simply ignore the victims or ask them to pay more money. The best way to deal with the PaySafeGen Ransomware and other ransomware Trojans is to ensure that backups of all files are readily available.
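The file names described above (a double-extension attachment, 'Cry.exe', 'Kaufen.exe' and the '.cry' suffix) can be checked for in a file listing or a mail-gateway attachment log. The following Python is an added example, not part of the original write-up; the extension lists and the sample paths are constructed assumptions.

```python
import ntpath

# Assumed lists for illustration; tune them to your own mail and endpoint policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

# File names and extension taken from the description above.
DROPPED_NAMES = {"cry.exe", "kaufen.exe"}
ENCRYPTED_EXT = ".cry"


def split_extensions(path):
    """Return the lowercased extensions of a Windows file name, left to right."""
    name = ntpath.basename(path).rstrip(". ")  # Windows ignores trailing dots/spaces
    # Drop padding such as 'a.pdf      .exe' that pushes the real extension off-screen.
    return ["." + p.strip().lower() for p in name.split(".")[1:] if p.strip()]


def classify(path):
    """Return the reasons a path matches the behaviour described above."""
    reasons = []
    exts = split_extensions(path)
    name = ntpath.basename(path).strip().lower()
    decoy_before = any(e in DECOY_EXTS for e in exts[:-1])
    if exts and exts[-1] in EXECUTABLE_EXTS and decoy_before:
        reasons.append("double-extension executable")
    if name in DROPPED_NAMES:
        reasons.append("known dropped file name")
    if exts and exts[-1] == ENCRYPTED_EXT:
        reasons.append("encrypted-file extension")
    return reasons


def triage(paths):
    """Map each matching path to its reasons; clean paths are omitted."""
    return {p: r for p in paths if (r := classify(p))}


# Constructed sample listing (not real telemetry).
SAMPLE = [
    r"C:\Users\anna\Downloads\Rechnung_2016.pdf.exe",
    r"C:\Users\anna\Downloads\Foto.jpg        .exe",
    r"C:\Users\anna\Desktop\Kaufen.exe",
    r"C:\Users\anna\Documents\Bericht.docx.cry",
    r"C:\Users\anna\Documents\archive.tar.gz",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path, "->", ", ".join(reasons))
```

A sudden rise in paths flagged with the encrypted-file extension on a shared drive is the signal to isolate the writing host and restore from backups.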
