Payuransom Ransomware
Cybersecurity researchers have identified Payuransom as a significant malware threat. This ransomware operates by encrypting files on devices it infects, appending the '.payuransom' extension to each affected file. Additionally, it alters the desktop wallpaper, displaying a message from the attackers. Victims also encounter a ransom note, typically stored in a text file named 'ReadMeForDecrypt.txt.' Payuransom's primary objective is to extort money from its victims. For instance, it renames files such as '1.png' to '1.png.payuransom' and '2.pdf' to '2.pdf.payuransom' as part of its encryption process.
The Payuransom Ransomware May Cause Valuable Data to Become Unusable
The ransom note generated by the Payuransom Ransomware is multilingual, appearing in Russian, English, and French, ensuring it reaches a wider audience of potential victims. It serves as a notification informing victims of the ransomware infection, which has resulted in the encryption of all their files. The note asserts that the decryption of these files is only achievable through the acquisition of specialized software, priced at $130 and payable exclusively in specific cryptocurrencies, Bitcoin or Ethereum.
In addition to outlining the payment requirements, the note provides detailed instructions on how victims can obtain the necessary cryptocurrency, including suggestions for platforms where it can be purchased. Furthermore, contact information for the attacker is provided, allowing victims to reach out via email (imhere.ru77@gmail.com) or Telegram (@payurransom) to confirm payment and receive the decryption key.
However, it's crucial for victims to exercise caution and resist the temptation to comply with the ransom demands. Paying the ransom carries substantial risks, including the possibility of being deceived and not receiving the promised decryption tools.
Moreover, victims must take immediate action to remove the ransomware from their compromised systems. This proactive step is essential for preventing further encryption of data and halting the spread of the ransomware to other devices within the local network. It's important to note that while removing the ransomware threat is crucial, it will not restore any data that has already been encrypted.
How to Protect Yourself Becoming a Victim of Ransomware Attacks?
To avoid falling victim to ransomware attacks, users should implement the following five crucial security measures:
- Regularly Backup Data: Maintain regular backups of all essential data on secure external storage devices or cloud-based services. This ensures that even if files are encrypted by ransomware, you can restore them without needing to pay the ransom.
- Keep Software Updated: Ensure all operating systems, applications, and security programs are regularly updated with the latest security patches. Outdated software often contains vulnerabilities that cybercriminals exploit to deploy ransomware.
- Use Caution When Dealing with Email Attachments and Links: Be careful with unsolicited emails, especially those containing attachments or links from unknown senders. Avoid downloading attachments and clicking on links unless you can verify their authenticity.
- Use Well-Build Passwords and Multi-Factor Authentication: Implement strong, unique passwords for all accounts and always enable multi-factor authentication, if possible. This adds more security, making it challenging for attackers to gain unauthorized access.
- Educate Yourself and Employees: Provide cybersecurity awareness training to yourself and employees, emphasizing the importance of recognizing phishing attempts, suspicious websites, and other common tactics used by ransomware attackers.
In conclusion, by following these security measures, users can decrease the opportunities to become more ransomware attack victims. Vigilance, regular backups, software updates, cautious email practices, strong authentication methods, and ongoing education are all essential components of a robust defense against ransomware threats.
Ransom note generated by the Payuransom Ransomware on breached devices:
'------------------------ ALL YOUR FILES ARE ENCRYPTED ------------------------
----> Оставайтесь сосредоточенными. <----
Все ваши файлы зашифрованы
Ваш компьютер заражен вирусом-вымогателем.
Ваши файлы зашифрованы, и вы не будете
сможете расшифровать их без нашей помощи.
Что я могу сделать, чтобы восстановить файлы?
Вы можете купить наше программное обеспечение для дешифрования, это программное обеспечение позволит вам восстановить все ваши данные и удалить
программы-вымогатели с вашего компьютера.
Цена программного обеспечения составляет 130 долларов США (0,0027 BTC).
может быть произведена только в биткойнах.
Как оплатить, где я могу получить биткойны?
Покупка биткойнов варьируется от страны к стране, лучше всего выполнить быстрый поиск в Google.
Сами узнайте, как купить биткойн.
Многие из наших клиентов отмечают, что эти сайты работают быстро и надежно:
Коинмама — hxxps://www.coinmama.com
Битпанда — hxxps://www.bitpanda.com
BTC : 19DpJAWr6NCVT2oAnWieozQPsRK7Bj83r4
ETH : 0x55069B5317529E07ccABAaA5AaE22a9bfa1C3E12
Для подтверждения покупки свяжитесь с администратором по электронной почте или в Telegram:
Электронная почта — imhere.ru77@gmail.comТЛГ - @payurransom'
----> Stay focused. <----
All your files have been encrypted
Your computer has been infected with a ransomware virus. Your files have been encrypted and you won't be
be able to decipher them without our help. What can I do to recover my files?
You can buy our decryption software, this software will allow you to recover all your data and delete the ransomware from your computer.
The price of the software is $130 (0.0027 BTC).
Payment can only be made in Bitcoin.
How to pay, where can I get Bitcoin?
Buying Bitcoin varies from country to country, it's best to do a quick Google search.
Yourself to find out how to buy Bitcoin.
Many of our customers have reported these sites to be fast and reliable:
Coinmama - hxxps://www.coinmama.com
Bitpanda - hxxps://www.bitpanda.com
BTC : 19DpJAWr6NCVT2oAnWieozQPsRK7Bj83r4
ETH : 0x55069B5317529E07ccABAaA5AaE22a9bfa1C3E12
To confirm your purchase, please contact the administrator via email or Telegram:
Email - imhere.ru77@gmail.comTLG - @payurransom
----> Restez concentré. <----
Tous vos fichiers ont été cryptés
Votre ordinateur a été infecté par un virus ransomware. Vos fichiers ont été cryptés et vous ne le serez pas pouvoir les décrypter sans notre aide.
Que puis-je faire pour récupérer mes fichiers ?
Vous pouvez acheter notre logiciel de décryptage, ce logiciel vous permettra de récupérer toutes vos données et de supprimer les
ransomware depuis votre ordinateur.
Le prix du logiciel est de 130 $ ( 0,0027 BTC).
Le paiement peut être effectué uniquement en Bitcoin.
Comment payer, où puis-je obtenir du Bitcoin ?
L'achat de Bitcoin varie d'un pays à l'autre, il est préférable de faire une recherche rapide sur Google.
Vous-même pour découvrir comment acheter du Bitcoin.
Beaucoup de nos clients ont signalé que ces sites étaient rapides et fiables :
Coinmama - hxxps://www.coinmama.com
Bitpanda - hxxps://www.bitpanda.com
BTC : 19DpJAWr6NCVT2oAnWieozQPsRK7Bj83r4
ETH : 0x55069B5317529E07ccABAaA5AaE22a9bfa1C3E12
Pour confirmer votre achat, veuillez contacter l'administrateur via mail ou Telegram :
Mail - imhere.ru77@gmail.com
TLG - @payurransom'
