PSCrypt Ransomware
The PSCrypt Ransomware is n encryption ransomware Trojan that was first observed around late June of 2017. The PSCrypt Ransomware is being distributed in a way typical of many ransomware Trojans, as a corrupted Microsoft Word file with enabled macros. Emails used to deliver the PSCrypt Ransomware Trojan will use social engineering techniques, disguising their contents as a message from an online retailer or social media platform. When the corrupted file is opened, it downloads and installs the PSCrypt Ransomware onto the victim's computer.
Table of Contents
The PSCrypt Ransomware Targets Numerous File Types
The PSCrypt Ransomware had been observed before under another name. In December 2016, the Globe Imposter Ransomware, an early version of the PSCrypt Ransomware, was released. The PSCrypt Ransomware is being used in attacks in Russia, Ukraine, and in countries in Western Europe currently. Like other encryption ransomware Trojans, the PSCrypt Ransomware will encrypt the victims' files using a strong encryption algorithm. The PSCrypt Ransomware will identify the files encrypted by the attack with the file extension '.pscrypt,' which is added to the end of each affected file's name. In its attack, the PSCrypt Ransomware will target a wide variety of file types, including the following:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, ,doc, .epub, .docx .fb2, .flv, .gif, .gz, .iso .ibooks,.jpeg, .jpg, .key, .mdb .md2, .mdf, .mht, .mobi .mhtm, .mkv, .mov, .mp3, .mp4, .mpg .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
The PSCrypt Ransomware’s Interactive Ransom Note
The PSCrypt Ransomware creates a directory on the infected computer's desktop. This directory is named 'PSCrypt' and inside it is the file 'Paxynok.html,' Ukrainian for 'Data.html.' This file contains a ransom note that demands a large payment in Ukrainian currency equivalent to$100 USD approximately. Theransom note associated with the PSCrypt Ransomware attack reads:
'YOUR PERSONAL IDENTIFIER
13 69 9B 5F 1E ***
YOUR FILES ARE TEMPORARILY UNAVAILABLE.
ALL YOUR DATA HAS BEEN ENCRYPTED!
To recover data you need decryptor.
To get the decryptor you should:
The payment is made from bitcoin (BTC):
The cost of the service is 2500 UAH
Payment can be made in the IBox terminal.
Payment instruction:
1. Find the nearest Aybox Aibox terminal
Use the search bar to find the service "Btcu.biz".
2. Enter your phone number.
3. Make the amount of 2500 UAH.
4. Print and save the receipt.
5. Login to btcu.biz.
6. In the "Buy" => "For cash in the terminal" section, enter the code from the check (underlined in red), enter the captcha, read and agree to the Terms of Use and click the "Pay" button.
check
Make sure that the code is accepted and the amount is the same as that entered in the terminal.
7. After the code was correctly accepted by the system, click "Next" to select the method of receiving funds.
Site
8. Select the section "Add to the BTC address", enter the address - 1AY8WvyqnHwDSqY2rp3LcE6sYTQkCu9oCY and captcha, press the "Send" button.
Site2
9. After payment:
Send a screenshot of the payment to systems64x@tutanota.com
In the letter, enter your personal identifier (see the beginning of this document).
10. After receiving the decoder and instructions, you can continue to work.
Additional Information:
The program can decrypt one file as proof that it has a decoder. To do this, send an encrypted file to the mail: systems64x@tutanota.com
Attention!
No payment = No decryption
You really get the decoder after payment
Do not try to remove the program or run antivirus tools
Attempts to self-decrypt files will result in the loss of your data
Other users' decoders are not compatible with your data, as the unique encryption key for each user.
Regards.'
Dealing with the PSCrypt Ransomware
The best way to deal with the PSCrypt Ransomware is to recover your files from a backup copy. Having file backups, along with a reliable security program is the best protection against threats like the PSCrypt Ransomware. Malware researchers advise against paying the PSCrypt Ransomware ransom.
SpyHunter Detects & Remove PSCrypt Ransomware
File System Details
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | wmodule.exe | e8c2b4a8335c513a92388dcfe595f0e5 | 0 |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.