
PyAesCrypt Ransomware

By GoldSparrow in Ransomware

The PyAesCrypt Ransomware Trojan is an encryption ransomware Trojan observed in April 2019. The PyAesCrypt Ransomware is written in Python and also may be known as 'Marduk Ransomware.' The PyAesCrypt Ransomware carries out a typical encryption ransomware attack, making the victim's files inaccessible and then demanding a ransom for their return. Computer users are better off taking steps to prevent the PyAesCrypt Ransomware attacks and similar malware campaigns.

How the PyAesCrypt Ransomware Attack Works

The PyAesCrypt Ransomware attack is linked to the following corrupted files:

Marduk.exe.manifest
_ctypes.pyd
_decimal.pyd
libcrypto-1_1.dll
top_level.txt
win.exe

The PyAesCrypt Ransomware, like most encryption ransomware Trojans, is designed to take the victim's files hostage. To do this, the PyAesCrypt Ransomware uses AES encryption to lock them and then marks them with the file extension '.lock,' appended to each affected file's name. The PyAesCrypt Ransomware targets user-generated files, which may include files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The PyAesCrypt Ransomware will then deliver a ransom note asking the victim to pay 100 USD in Bitcoin. The PyAesCrypt Ransomware delivers its ransom message in 19 distinct text files named 'ReadMe 0.txt' to 'ReadMe 19.txt,' which contain the following message written in different languages:

'ENGLISH
Your files have been encrypted!
If you want to decrypt your files, send 100$ for this Bitcoin Wallet:
3CU67cnSDShTCGfcRic8bki1LGfRqM1vdw
Then send me Transaction ID:
EMAIL: hm3edn+aajyjnn64htaosrk@sharklasers.com'
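The indicators described above (the '.lock' suffix appended to targeted files, the numbered 'ReadMe N.txt' notes, and the dropped component names) are enough for a quick defender-side triage of a suspect machine. The following script is an added example written for this article; it is not code from the original write-up or from the ransomware itself. It walks a directory tree and reports those indicators. The `TARGETED` set is an assumed subset of the extension list above, and the sample tree it builds is constructed purely to exercise the scan.

```python
"""Triage scan for PyAesCrypt Ransomware indicators (added example, not the article's code)."""
import os
import re
import tempfile
from pathlib import Path

# Dropped component names listed in the article.
DROPPED_FILES = {
    "Marduk.exe.manifest", "_ctypes.pyd", "_decimal.pyd",
    "libcrypto-1_1.dll", "top_level.txt", "win.exe",
}
# Extension appended to encrypted files, per the article.
LOCK_EXT = ".lock"
# Ransom notes are named 'ReadMe 0.txt' ... 'ReadMe 19.txt'.
NOTE_RE = re.compile(r"^ReadMe \d+\.txt$")
# Assumption: a subset of the targeted extensions from the article, used to
# tell a renamed user file ('report.docx.lock') from an unrelated '.lock' file.
TARGETED = {".jpg", ".png", ".docx", ".xlsx", ".pdf", ".txt", ".py", ".zip"}


def scan_tree(root):
    """Walk `root` and collect indicator hits as sorted, root-relative POSIX paths."""
    root = Path(root)
    hits = {"locked_files": [], "ransom_notes": [], "dropped_files": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root).as_posix()
            if name in DROPPED_FILES:
                hits["dropped_files"].append(rel)
            if NOTE_RE.match(name):
                hits["ransom_notes"].append(rel)
            if name.lower().endswith(LOCK_EXT):
                # The original extension sits just before the appended '.lock'.
                inner = Path(name[: -len(LOCK_EXT)]).suffix.lower()
                if inner in TARGETED:
                    hits["locked_files"].append(rel)
    for key in hits:
        hits[key].sort()
    return hits


def assess(hits, min_locked=3):
    """Turn raw hits into a (level, reason) verdict for a responder."""
    if hits["ransom_notes"]:
        return ("high", "ransom notes present; files are likely already encrypted")
    if len(hits["locked_files"]) >= min_locked:
        return ("high", "multiple user files renamed with '.lock'")
    if hits["dropped_files"]:
        return ("medium", "dropped components found but no encrypted files seen")
    return ("none", "no PyAesCrypt indicators found")


def build_sample_tree():
    """Constructed sample data: an infected-looking profile in a temp directory."""
    root = Path(tempfile.mkdtemp(prefix="pyaescrypt_demo_"))
    encrypted = [
        "Documents/report.docx.lock", "Pictures/holiday.jpg.lock",
        "Pictures/holiday2.png.lock", "code/app.py.lock", "archive/backup.zip.lock",
    ]
    notes = [f"Documents/ReadMe {i}.txt" for i in range(4)]
    dropped = ["Temp/win.exe", "Temp/libcrypto-1_1.dll"]
    # Benign look-alikes that the scan must not flag.
    benign = ["code/build.lock", "Documents/readme.txt", "Documents/notes.txt"]
    for rel in encrypted + notes + dropped + benign:
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample content")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    found = scan_tree(sample_root)
    for key, paths in found.items():
        print(f"{key}: {len(paths)}")
    print(assess(found))
```

Run against a real profile directory by passing its path to `scan_tree` instead of `build_sample_tree()`. The `min_locked` threshold keeps a single stray '.lock' file from triggering a high verdict; `build.lock` in the sample tree shows why the inner-extension check matters.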

Protecting Your Data from Threats Like the PyAesCrypt Ransomware

Unfortunately, once the PyAesCrypt Ransomware attacks the targeted files, they will no longer be recoverable. This is why computer users need to take steps to protect their data preemptively. The best protection against all ransomware Trojans, including the PyAesCrypt Ransomware, is to have backup copies of your files. Being able to restore compromised files from a backup copy removes the criminals' leverage to demand a ransom payment and gives computer users a way to recover any data lost in the PyAesCrypt Ransomware attack. Apart from having the means to restore any data compromised in the PyAesCrypt Ransomware attack, however, computer users also should have a way to prevent the PyAesCrypt Ransomware attacks from happening in the first place. To do this, computer users should install a security program, which can intercept the PyAesCrypt Ransomware (although it will not decrypt files compromised in an attack). Computer users should also be aware of the common delivery methods for this kind of malware, such as spam email attachments and bogus file downloads.
