
Pegasus Ransomware

Pegasus has emerged as a significant ransomware threat uncovered by information security (infosec) researchers. Upon analysis, it has been revealed that this malware is crafted to encrypt the data of its victims using a robust encryption algorithm, effectively locking them out of their own files. The ultimate aim of the attackers behind Pegasus is to extort ransom payments from victims in exchange for providing decryption tools or keys to unlock the encrypted data.

As part of its operation, Pegasus modifies the original filenames of the affected files by appending a unique set of random characters as a new file extension. For instance, a file initially named '1.png' would be altered to '1.png.tBC9M,' while '2.pdf' would become '2.pdf.qVuj7,' and so forth. Once the encryption process is completed, Pegasus drops a ransom note titled "Ghost_ReadMe.txt" onto the compromised systems, informing the victims of the encryption and outlining instructions for making the ransom payment.
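The two indicators described above (a random extension appended after the original one, and a note named Ghost_ReadMe.txt) can be checked against a file listing during triage. This is an added example, not code from the original report; the five-character alphanumeric suffix is an assumption drawn from the two sample filenames, and the listing is constructed.

```python
import re
from pathlib import PureWindowsPath

NOTE_NAME = "ghost_readme.txt"  # note name from the report, compared case-insensitively
# Assumption: the appended extension is 5 alphanumeric characters, as in the
# report's two examples (.tBC9M, .qVuj7); the report only says "random characters".
APPENDED = re.compile(r"^(?P<orig>.+\.[A-Za-z0-9]{1,5})\.(?P<rand>[A-Za-z0-9]{5})$")

def triage(paths, min_renamed=3):
    """Return {directory: findings} for directories matching the described pattern."""
    notes, renamed = set(), {}
    for p in map(PureWindowsPath, paths):
        parent = str(p.parent)
        if p.name.lower() == NOTE_NAME:
            notes.add(parent)
        elif (m := APPENDED.match(p.name)):
            renamed.setdefault(parent, []).append((m["orig"], m["rand"]))
    report = {}
    for d in sorted(notes | set(renamed)):
        hits = renamed.get(d, [])
        # Per-file random suffixes: enough hits, and no suffix shared by two files.
        # A shared suffix (e.g. many *.tar.bzip2) is an ordinary double extension.
        distinct = len({rand for _, rand in hits}) == len(hits)
        if d in notes or (len(hits) >= min_renamed and distinct):
            report[d] = {"note": d in notes, "renamed": sorted(o for o, _ in hits)}
    return report

# Constructed file listing for illustration, not real telemetry.
SAMPLE = [
    r"C:\Users\demo\Pictures\1.png.tBC9M",
    r"C:\Users\demo\Pictures\2.pdf.qVuj7",
    r"C:\Users\demo\Pictures\3.docx.Zk3pQ",
    r"C:\Users\demo\Pictures\Ghost_ReadMe.txt",
    r"C:\Users\demo\Archive\a.tar.bzip2",
    r"C:\Users\demo\Archive\b.tar.bzip2",
    r"C:\Users\demo\Archive\c.tar.bzip2",
    r"C:\Users\demo\Docs\notes.txt",
]

if __name__ == "__main__":
    for directory, finding in triage(SAMPLE).items():
        print(directory, finding)
```

The `renamed` list gives the original filenames, which can be compared against backups to scope what needs restoring.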

The Pegasus Ransomware Takes Victims' Data Hostage

The ransom message delivered by Pegasus Ransomware claims that the victim's files have been encrypted and are inaccessible. It assures them that purchasing the decryption tool from the attackers will enable them to regain access to their data. The ransom amount is specified as $350 in Bitcoin cryptocurrency. Once the ransom payment is made, victims are instructed to provide proof of the transaction, with the promise of receiving the decryptor.

Cybersecurity experts caution that decryption without the involvement of the cybercriminals is rarely possible. The cases where data restoration is feasible usually involve malware with significant flaws in its code.

However, paying the ransom does not guarantee the recovery of data, as cybercriminals frequently fail to deliver the promised decryption keys or software. Furthermore, complying with ransom demands only serves to support illegal activities conducted by cybercriminals. Consequently, researchers strongly advise against paying any ransom.

While removing the Pegasus Ransomware from the operating system can prevent further data encryption, it does not automatically restore files that have already been compromised. Therefore, victims need to focus on prevention and recovery measures that don't involve paying the ransom.

Important Measures to Prevent Ransomware Infections and Mitigate Their Impact

Preventing ransomware infections and mitigating their impact requires a multi-faceted approach. Here are important measures users can take:

  • Keep Software Updated: Regularly update operating systems, software applications, and security programs. Program updates often deliver fixes for known vulnerabilities that ransomware exploits.
  •  Use Anti-Malware Software: Install reputable anti-malware software and keep it up to date. These programs can detect and remove ransomware before it can encrypt files.
  •  Exercise Caution with Email Attachments and Links: Always be cautious when encountering email attachments or links, especially if they are from unfamiliar or suspicious sources. Many ransomware attacks originate from phishing emails containing malicious attachments or links.
  •  Enable Pop-up Blockers: Enable pop-up blockers in Web browsers to prevent fraudulent pop-ups that may contain ransomware or links to unsafe websites.
  •  Backup Data Regularly: Regularly back up vital files and data to an independent hard drive, cloud storage, or a secure network location. In the event of a ransomware attack, having backups ensures that files can be restored without paying the ransom.
  •  Use Strong Passwords and Multi-Factor Authentication: Always use strong, unique passwords for your accounts, and enable multi-factor authentication whenever possible. Multi-factor authentication adds a layer of security that can prevent unauthorized access to accounts and devices.
  •  Educate Users: Instruct users about the risks of ransomware and how to recognize phishing emails, suspicious websites, and other common attack vectors. User awareness training can help prevent ransomware infections by enabling users to make informed decisions about cybersecurity.
  •  Implement Network Security Measures: Employ network security measures such as network segmentation, firewalls and intrusion detection systems to block the spread of ransomware within the network.

By implementing these preventive measures, users can significantly reduce the risk of falling victim to ransomware attacks and limit the impact if an infection occurs.

The ransom note dropped on the systems infected by the Pegasus Ransomware is:

'Oops, Your Files Have Been Encrypted!

We Have Encrypted Your Data With The Strongest.
You Don't Need to worry.

All of your files have been encrypted
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help.

What can I do to get my files back? You can buy the decrypter.
it will leave your pc as it was before the encryption.

How Can I Decrypt Files?

You Can Buy Crypto Here: hxxps://

Send $350 To Bitcoin Wallet address: 16JpyqQJ6z1GbxJNztjUnepXsqee3SBz75

Send Proof of Transaction to Our Email Address to Get a Decryption Tool and Private Key

Contact Our email address:

Note: Do Not Use Third Party Decryption Tools'
