
Pykw Ransomware

By GoldSparrow in Ransomware


The Pykw Ransomware is a brand-new file-locker that appears to go after users at random. Instead of selecting their victims carefully, the authors of the Pykw Ransomware are trying to propagate this threat as far and wide as possible. The more users it affects, the more likely it is for the Pykw Ransomware creators to generate significant revenue. This new file-locker is a variant of the infamous STOP Ransomware.

Propagation and Encryption

If you fall victim to the Pykw Ransomware, your system will be scanned and your data located. This is done right before the Pykw Ransomware triggers the encryption process. This nasty Trojan uses a secure encryption algorithm to lock the targeted files. Threats like the Pykw Ransomware usually go after a wide variety of file types, which include .mp3, .aac, .midi, .mid, .wav, .mov, .webm, .mp4, .png, .svg, .jpeg, .jpg, .gif, .txt, .pdf, .docx, .doc, .xlsx, .xls, .db, .zip, .rar, .ppt, .pptx and many others. When the Pykw Ransomware applies its encryption algorithm to a file, it also changes the file's name by appending the '.pykw' extension. For example, a file named 'citrus-slide.ppt' will be renamed to 'citrus-slide.ppt.pykw' after the Pykw Ransomware encrypts it. Malware researchers believe that the Pykw Ransomware is propagated via fake social media posts, malvertising operations, torrent trackers, phishing emails, bogus application updates, etc.

The Ransom Note

In the next step of the attack, the Pykw Ransomware drops a ransom note on the user's computer. The name of the ransom note is '_readme.txt'. In the ransom message, the attackers state that the ransom fee is set at $980; however, if the user manages to contact them within 72 hours, the price drops by 50%, and they would have to pay $490 instead. As corroboration that they have a working decryption tool, the Pykw Ransomware authors offer to unlock one or two files for free. The contact details of the attackers are 'helpmanager@mail.ch' and 'restoremanager@firemail.cc'.
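The two on-disk indicators described above, the appended '.pykw' extension and the '_readme.txt' note, can be used to scope the damage on an affected machine. The following is an added example, not part of the original article: a small triage script that walks a directory tree and reports, per folder, whether a note is present and which original file names were renamed. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".pykw"    # extension appended to encrypted files (from the article)
NOTE_NAME = "_readme.txt"  # ransom note file name (from the article)


def triage(root):
    """Walk root and summarise Pykw indicators per directory.

    Returns {relative dir: {"note": bool, "encrypted": [original names],
    "types": Counter of original extensions}}; clean directories are omitted.
    """
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        entry = {"note": False, "encrypted": [], "types": Counter()}
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME:
                entry["note"] = True
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                original = name[:-len(ENCRYPTED_EXT)]  # 'a.ppt.pykw' -> 'a.ppt'
                entry["encrypted"].append(original)
                entry["types"][os.path.splitext(original)[1].lower()] += 1
        if entry["note"] or entry["encrypted"]:
            entry["encrypted"].sort()
            report[os.path.relpath(dirpath, root)] = entry
    return report


def demo():
    """Build a constructed directory tree and run the triage over it."""
    with tempfile.TemporaryDirectory() as root:
        layout = {  # constructed sample files, not real artefacts
            "docs": ["citrus-slide.ppt.pykw", "budget.xlsx.pykw", "_readme.txt"],
            "music": ["track.mp3"],
            "notes": ["_readme.txt"],
        }
        for folder, names in layout.items():
            os.makedirs(os.path.join(root, folder))
            for name in names:
                open(os.path.join(root, folder, name), "w").close()
        return triage(root)


if __name__ == "__main__":
    for directory, entry in sorted(demo().items()):
        print(directory, entry["note"], entry["encrypted"], dict(entry["types"]))
```

A folder that contains only '_readme.txt' is a weak signal on its own; the note alongside '.pykw' files is the stronger indicator, and the per-extension counts show which backups to prioritise for restoration.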

It is not recommended to cooperate or bargain with cyber crooks. There is no guarantee you will receive what you pay for. It is advisable to remove the Pykw Ransomware from your PC as soon as possible via a reputable, modern anti-virus software suite.
