Threat Database Ransomware Pay Us Ransomware

Pay Us Ransomware

The Pay Us Ransomware is a new, threatening ransomware that has been observed in the wild. The malware aims to infect users' computers and then execute an encryption algorithm, locking the data stored there. The hackers will then extort their victims for money in exchange for potentially restoring the now inaccessible files. Victims of the threat will notice that the names of the encrypted files have been changed. Indeed, the malware marks each encrypted file by appending '.pay us' to the original name as a new extension. When the process has been completed, the Pay Us Ransomware drops its ransom-demanding message inside a text file named 'read_me.txt.' The file carrying the ransom note will be generated on the compromised system's Desktop. 

Pay Us Ransomware's Demands

Opening the ransom note reveals that the operators of the Pay Us malware want to be paid in Bitcoins, arguably the most popular cryptocurrency. As for the exact sum of the ransom, users may be left quite confused. At one point, the note states that the ransom is $1500 exactly. However, right above the crypto-wallet address, users are told to send 0.1473766 BTC (Bitcoin). At the current conversion rate, that amount is worth close to $4600. If the hackers simply forgot to update their message with a more current Bitcoin value or they now want to be paid more significantly, cannot be determined. 

No matter the case, users shouldn't send even a dime to ransomware operators. There are no guarantees that the hackers will keep their end of the deal and provide the decryption key and tool. Furthermore, all the money sent to these unscrupulous people could then be used to fund their next threatening operation.

The full text of the note is:

'All of your files have been encrypted
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help.What can I do to get my files back?You can buy our special
decryption software, this software will allow you to recover all of your data and remove the
ransomware from your computer.The price for the software is $1,500. Payment can be made in Bitcoin only.
How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search
yourself to find out how to buy Bitcoin.
Many of our customers have reported these sites to be fast and reliable:
Coinmama - hxxps:// Bitpanda - hxxps://

Payment informationAmount: 0.1473766 BTC
Bitcoin Address:


Most Viewed