
'pizdasobaki@protonmail.com' Ransomware

By GoldSparrow in Ransomware

The 'pizdasobaki@protonmail.com' Ransomware is an encryption ransomware Trojan whose behavior has some characteristics that set it apart from most encryption ransomware Trojans, which has caught the attention of PC security researchers. The 'pizdasobaki@protonmail.com' Ransomware was first observed on February 7, 2019. Like other encryption ransomware, it is designed to make the victims' files inaccessible and then demand the payment of a fee from the victim in exchange for restoring access to the compromised files.

How the 'pizdasobaki@protonmail.com' Ransomware Works

The 'pizdasobaki@protonmail.com' Ransomware is delivered as a PIF, or Program Information File. Windows loads the 'pizdasobaki@protonmail.com' Ransomware with the ShellExecute function. The criminals responsible for the 'pizdasobaki@protonmail.com' Ransomware have created an exploit that allows the 'pizdasobaki@protonmail.com' Ransomware to run malicious code on the victim's computer. Once the 'pizdasobaki@protonmail.com' Ransomware carries out its attack, a strong encryption algorithm is used to encrypt the victim's data, targeting a wide variety of user-generated files, such as media files, documents, databases, configuration files, and many other data containers. The 'pizdasobaki@protonmail.com' Ransomware targets user-generated files on local memory devices and external devices connected to the affected computer. The following are examples of the files that the 'pizdasobaki@protonmail.com' Ransomware will encrypt during its attack:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The 'pizdasobaki@protonmail.com' Ransomware will mark the files it targets with the file extension '.crypted_pony_test_build_xxx_xxx_xxx_xxx_xxx,' which will be added to each affected file's name. The 'pizdasobaki@protonmail.com' Ransomware delivers its ransom note in the form of an HTML file named 'IF_YOU_WANT_TO_GET_ALL_YOUR_FILES_BACK_PLEASE_READ_THIS.HTML,' which will be displayed on the infected computer's desktop. The 'pizdasobaki@protonmail.com' Ransomware ransom note reads as follows:

'All your personal files have been encrypted
Your personal identifier
[random characters]
Buy 0.50 Bitcoin here:
https://localbitcoins.com/ru/
Sen them to this bitcoin wallet:
[random characters]
Send us your personal identifier by mail:
pizdasobaki@protonmail.com
Receive decoder in reply'
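
The indicators described above (the appended file extension, the ransom note's file name and contact address, and the PIF delivery format) are enough for a first triage sweep of a disk or mounted image. The Python sketch below is an added example, not code from this write-up or from any vendor tool. Matching the extension by its prefix rather than the full 'xxx' suffix is an assumption, and the sample directory tree is constructed for the demonstration.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicators quoted in the write-up. Assumption: the extension is matched by
# its prefix, since the trailing "xxx" groups may differ between builds.
MARKER_RE = re.compile(r"(.+?)\.crypted_pony_test_build_", re.IGNORECASE)
NOTE_NAME = "if_you_want_to_get_all_your_files_back_please_read_this.html"
CONTACT = b"pizdasobaki@protonmail.com"

def read_head(path, limit=65536):  # returns b"" when the file cannot be read
    try:
        with open(path, "rb") as fh:
            return fh.read(limit)
    except OSError:
        return b""

def triage(root):
    """Collect renamed files, notes as (path, has_contact) and .pif files."""
    report = {"encrypted": [], "notes": [], "pif": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            renamed = MARKER_RE.match(name)
            if renamed:  # group(1) is the file name before the marker
                report["encrypted"].append((path, renamed.group(1)))
            elif name.lower() == NOTE_NAME:
                report["notes"].append((path, CONTACT in read_head(path)))
            elif name.lower().endswith(".pif"):
                report["pif"].append(path)  # delivery format: review, not proof
    return report

def build_sample_tree(root):
    """Constructed sample data for the demo, not real victim files."""
    docs, desk = Path(root, "Documents"), Path(root, "Desktop")
    for folder in (docs, desk):
        folder.mkdir(parents=True)
    ext = ".crypted_pony_test_build_xxx_xxx_xxx_xxx_xxx"
    (docs / ("budget.xlsx" + ext)).write_bytes(b"\x00")
    (docs / ("photo.JPG" + ext)).write_bytes(b"\x00")
    (docs / "notes.txt").write_text("untouched")
    (desk / NOTE_NAME.upper()).write_text("mail: pizdasobaki@protonmail.com")
    (desk / "invoice.pif").write_bytes(b"MZ")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

The original file names recovered from the marker give the list of files to restore from backup, and the directories they sit in show how far the encryption reached.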

Dealing with the 'pizdasobaki@protonmail.com' Ransomware

The criminals responsible for the 'pizdasobaki@protonmail.com' Ransomware demand a ransom of 0.5 BTC (approximately 800 USD) in exchange for the decryption key needed to restore the affected files. Paying the 'pizdasobaki@protonmail.com' Ransomware ransom demand or contacting the criminals responsible for the attack is not recommended, since it may increase the risk of further infections. Instead, computer users should use backup copies of their data to restore any files compromised by the 'pizdasobaki@protonmail.com' Ransomware Trojan. File backups saved in the cloud or in another secure location, such as an external memory device, should be used to keep your data safe from encryption ransomware Trojans like the 'pizdasobaki@protonmail.com' Ransomware. Apart from file backups, the use of a security program will greatly decrease the risk of future infections.
