Pezi Ransomware

The Pezi Ransomware is a new variant of the notorious STOP Ransomware. The STOP Ransomware is one of the most popular ransomware families, which experienced its peak in activity in 2019, with over 200 copies released over the course of one year.

Propagation and Encryption

The Pezi Ransomware is likely propagated via the most commonly used infection vectors:

• Malvertising campaigns.
• Mass spam emails.
• Bogus application downloads and updates.
• Torrent trackers.
• Fake copies of popular applications.

When the Pezi Ransomware infects a system, it will star the attack by scanning the contents of the computer. After this, the Pezi Ransomware will trigger the encryption process, which will make sure to lock all the targeted files securely. It is likely that this threat goes after documents, images, audio files, databases, archives, videos, presentations, spreadsheets, etc. The files affected by the Pezi Ransomware will have their names changed. This threat appends a '. pezi' extension to the names of the newly encrypted files. For example, a file called 'black-ash.png' will be renamed to 'black-ash.png.pezi.'

The Ransom Note

The Pezi Ransomware will drop its ransom note on the desktop of the victim. The name of the file that contains the ransom message of the attackers is '_readme.txt.' There are several major points outlined in the ransom note:

• The demanded ransom fee is $980.
• Users who contact the attackers within three days will get a 50% discount and will have to pay $490.
• The contact details provided are ‘restoremanager@firemail.cc' and ‘helpmanager@mail.ch.'
• The victim can send 1-2 files, which the attackers are willing to decrypt for free.

It is a risky bet to try and bargain with cybercriminals. Often, users who pay the demanded ransom fee are left empty-handed as the attackers do not always hold their end of the bargain. Make sure you remove the Pezi Ransomware from your computer with a reputable anti-virus software suite.