
Pizhon Ransomware

Pizhon Ransomware is the name given to a ransomware threat designed primarily to target users located in Russia or Russian-speaking countries. The Pizhon Ransomware acts as typical ransomware: once dropped onto a computer, it encrypts almost all of the files stored on it and then demands the payment of a ransom for their potential restoration. The Pizhon Ransomware changes the name of every file it encrypts by appending '.pizhon' followed by a string of 16 random characters. Text files carrying the ransom note are dropped in every folder with encrypted data. The name of these text files is '!!!README!!!.txt'.
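An added example, not part of the original article: a Python triage scan that lists the folders holding the two indicators described above, which helps scope what has to be restored from backup. The exact form of the 16-character suffix (alphanumeric, optional single separator) and all function names are assumptions.

```python
import os
import re
import tempfile

NOTE_NAME = "!!!README!!!.txt"   # ransom note name given on this page
# Assumption: the 16 random characters are alphanumeric and may be joined to
# '.pizhon' by one separator; the page does not give the exact form.
ENCRYPTED_RE = re.compile(
    r"^(?P<orig>.+)\.pizhon[-_.]?[A-Za-z0-9]{16}$", re.IGNORECASE)

def scan(root):
    """Return {relative folder: {"note": bool, "encrypted": [(name, original)]}}
    for every folder under root that holds at least one indicator."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        hits = sorted((n, m.group("orig")) for n in files
                      if (m := ENCRYPTED_RE.match(n)))
        note = NOTE_NAME in files
        if hits or note:
            report[os.path.relpath(folder, root)] = {"note": note, "encrypted": hits}
    return report

def build_sample_tree(root):
    """Constructed sample data: empty files whose names mimic the pattern."""
    layout = {
        "docs": ["report.docx.pizhon-A1b2C3d4E5f6G7h8", NOTE_NAME],
        "pics": ["photo.jpg.pizhonQWERTYUIOPASDFGH"],
        "clean": ["notes.pizhon.txt", "todo.txt"],   # must not be flagged
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()

def demo():
    """Build the constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan(root)

if __name__ == "__main__":
    for folder, info in sorted(demo().items()):
        print(folder, "note" if info["note"] else "no note")
        for name, orig in info["encrypted"]:
            print("   ", name, "->", orig)
```

Run `scan()` against a mounted or read-only copy of the affected volume; it only reads file names and never opens or modifies the files.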

Opening any of the '!!!README!!!.txt' files reveals a set of instructions written entirely in Russian. No translations into other languages have been included. The criminals expect their victims to open an address hosted on the TOR network, create an account there, then log into it, and only after that send a message to the provided email address at 'pizhon@torbox3uiot6wchz.onion'. The note doesn't mention the specific amount of money demanded by the hackers, whether the ransom must be paid in one of the numerous cryptocurrencies, or whether any files can be attached to the emails to be decrypted for free.

The text of the ransom note delivered by Pizhon Ransomware, translated from the original Russian, is:

'All of your information on this computer has been encrypted.

To decrypt it, you need to perform a few simple steps:

1. Download the Tor browser from the link and install it:

2. Open the Tor browser, go to the address and register an e-mail account:

3. Log in to the mailbox:

4. Write a message to the e-mail address:

e-mail: pizhon@torbox3uiot6wchz.onion

In the message, specify your unlock code: 42284753

5. Wait for a reply.

Note that we will not receive messages from regular email addresses, except for those on this list:


Should You Pay The Ransom?

We highly recommend that you never pay the ransom, no matter what. The people behind the virus are extortionists that want you to pay to have your files restored. The problem is that they don’t always do what they say they will. There is no guarantee that the decryption tools the attackers give you will work. There isn’t even a guarantee that the attackers will provide you with any tools at all. There are many cases where people pay the ransom only to have the attackers disappear into the ether, never to be heard from again.

How To Restore Lost Files

So, what options do victims have if they shouldn’t pay the attackers? One problem with malware such as this is that it makes regular data recovery methods impossible. The virus deletes Shadow Volume Copies of data from the computer. These copies are what Windows uses for System Restore and other recovery options. Many third-party file recovery programs also use these Shadow Volume Copies.

The only way to guarantee that you get your files back after a ransomware infection is to use an external backup, such as a backup from an external device or the cloud. We recommend that you remove the virus from your computer first. Otherwise, Pizhon will encrypt your newly restored files as well. Even worse, the virus may encrypt your backup device, making a recovery impossible.

Most antivirus and antimalware programs can find and remove the Pizhon ransomware virus from your computer. Removing the virus won’t get your data back, but it does prevent further infections at the least. Take good care of your computer and practice safe digital hygiene in the future to avoid additional issues. Ignore spam emails, and don’t let yourself get duped by phishing attacks. A few small changes here and there can make a world of difference for your computer.

