PPDDDP Ransomware

Cybersecurity researchers recently spotted a new ransomware threat in the wild. It was first uncovered in the first half of December 2019 and is named PPDDDP Ransomware. The creators of the PPDDDP Ransomware use the AES encryption algorithm to lock the data on the targeted system and then extort the affected user for money.

Propagation and Encryption

It is not yet evident which infection vectors are used to distribute this threat. Authors of ransomware often propagate their creations via spam email campaigns: the attackers compose a fraudulent message that uses social engineering tricks to persuade the user to open the file attached to the email. If the user executes the attachment, the system is compromised and the data on it is encrypted. This is why malware experts advise users to be very wary when opening emails and launching attachments from unknown sources. Other methods often used to propagate threats like the PPDDDP Ransomware are bogus software updates and downloads, fake pirated copies of various applications, torrent trackers, etc.

Upon compromising the targeted computer, the PPDDDP Ransomware enumerates the files that match its targeting criteria and begins encrypting them. When a file is locked by the PPDDDP Ransomware, its name is changed: the threat appends a '.support@anonymous-service.cc.ppdddp' extension to the end of the filename. For example, an audio file originally named 'fire-water.mp3' will be renamed to 'fire-water.mp3.support@anonymous-service.cc.ppdddp' after it undergoes the encryption process of the PPDDDP Ransomware. The appended extension and the ransom note described below are the most useful indicators for confirming an infection and for identifying which files were affected.

The Ransom Note

In the next step of the attack, the PPDDDP Ransomware will drop its ransom note called 'FilesRestore.html.' The ransom message reads:

Your files has been encrypted!
Hi
We have encrypted your files. Yes we know that it's shitty but it's not a disasster.
You are able to decrypt all files without aftermath for a 48 hours.
If time will expire you'll unable to restore your files.
We'll format your disk and delete decryption keys from our database.
Don't waste your time to check backups, it's also encrypted or deleted.
Your ID: 507e83c9983ac00bcd5331991bd01***
You can buy BTC on one of this sites:
https://www.bestchange.com/paypal-usd-to-bitcoin.html
To get the decryptor you need to send mail with your ID to support@anonymous-service.cc Then you will receive mail with price, instruction for payment and decryption.
Attention!
No Payment = No decryption
You really get the decryptor after payment
Do not attempt to remove the program or run the anti-virus tools
Attempts to self-decrypting files will result in the loss of your data
Decoders other users are not compatible with your data, because each user's unique encryption key.

In the note, the attackers inform the user what has happened to their data and claim that if the victim pays within 48 hours of the attack, they will be able to restore their files. If the deadline is missed, the note claims, the data will be unrecoverable: the attackers say they will delete the decryption keys and even format the user's disk. The note also asserts that backups have been encrypted or deleted, a pressure tactic that should be verified against offline or off-host copies rather than taken at face value. The attackers instruct the user to get in touch with them via email to receive the ransom amount and payment instructions, and point the user to a site for obtaining Bitcoin, the cryptocurrency they prefer to be paid in. The email address provided for contact is 'support@anonymous-service.cc'.
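The file extension from the section above and the ransom note described here are the two on-disk indicators the article gives. The following is an added triage script, not code from the article or from the malware, that walks a directory tree, lists every file carrying the PPDDDP extension together with its pre-encryption name, and pulls the victim ID and contact addresses out of any 'FilesRestore.html' it finds. The directory layout it builds for the demonstration is constructed sample data; the regular expressions and the report structure are this example's own choices.

```python
import os
import re
import tempfile
from typing import Dict, List, Optional

# Indicators taken from the article: the extension appended to every encrypted
# file, the ransom note's filename and the attackers' contact address.
PPDDDP_EXT = ".support@anonymous-service.cc.ppdddp"
RANSOM_NOTE = "FilesRestore.html"
CONTACT_EMAIL = "support@anonymous-service.cc"

# "Your ID: <hex>" as printed in the note; the article masks the tail with '*'.
ID_RE = re.compile(r"Your ID:\s*([0-9a-fA-F*]+)")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def original_name(encrypted_name: str) -> Optional[str]:
    """Strip the PPDDDP extension; return None if the name does not carry it."""
    if encrypted_name.endswith(PPDDDP_EXT) and len(encrypted_name) > len(PPDDDP_EXT):
        return encrypted_name[: -len(PPDDDP_EXT)]
    return None


def parse_note(text: str) -> Dict[str, object]:
    """Extract the victim ID and contact addresses from a FilesRestore.html body."""
    id_match = ID_RE.search(text)
    emails = sorted(set(EMAIL_RE.findall(text)))
    return {
        "victim_id": id_match.group(1) if id_match else None,
        "emails": emails,
        "mentions_known_contact": CONTACT_EMAIL in emails,
    }


def triage(root: str) -> Dict[str, object]:
    """Walk a tree and collect encrypted files and ransom notes for an IR report."""
    encrypted: List[Dict[str, str]] = []
    notes: List[Dict[str, object]] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            orig = original_name(name)
            if orig is not None:
                encrypted.append({"path": path, "original_name": orig})
            elif name == RANSOM_NOTE:
                # Notes are small HTML files; read leniently so a damaged note
                # does not abort the whole walk.
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    parsed = parse_note(fh.read())
                parsed["path"] = path
                notes.append(parsed)
    return {
        "encrypted_count": len(encrypted),
        "encrypted": encrypted,
        "notes": notes,
        "victim_ids": sorted({n["victim_id"] for n in notes if n["victim_id"]}),
    }


# Constructed sample (assumption, not data from a real incident): a short note in
# the wording the article quotes, and a tree laid out like an infected host.
SAMPLE_NOTE = (
    "Your files has been encrypted!\n"
    "Your ID: 507e83c9983ac00bcd5331991bd01***\n"
    "To get the decryptor you need to send mail with your ID to "
    "support@anonymous-service.cc\n"
)


def build_sample_tree() -> str:
    root = tempfile.mkdtemp(prefix="ppdddp_sample_")
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("fire-water.mp3" + PPDDDP_EXT,
                os.path.join("docs", "report.docx" + PPDDDP_EXT)):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"\x00" * 16)  # placeholder ciphertext
    with open(os.path.join(root, "untouched.txt"), "w") as fh:
        fh.write("not encrypted\n")
    with open(os.path.join(root, "docs", RANSOM_NOTE), "w") as fh:
        fh.write(SAMPLE_NOTE)
    return root


if __name__ == "__main__":
    report = triage(build_sample_tree())
    print(f"{report['encrypted_count']} encrypted files, {len(report['notes'])} ransom notes")
    for item in report["encrypted"]:
        print(f"  {item['path']}  (was {item['original_name']})")
    print("victim IDs:", report["victim_ids"])
```

Run it against a mounted image or a copy of the affected volume rather than the live host, and keep the collected note and a few encrypted samples: the victim ID and contact address are what you will need when checking whether a decryptor for this family has since become available.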

It is never advisable to cooperate with the authors of malware. These are malicious actors who are not trustworthy, and paying does not guarantee that a working decryptor will be delivered. Instead, isolate the affected machine, preserve the ransom note and a few encrypted files for analysis, use a reputable antivirus solution to remove the PPDDDP Ransomware from your PC safely, and restore data from backups that were kept offline or otherwise out of the threat's reach.

1 Comment

Ransomware ".KOTI" ... solution?
