
Pytehole Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: April 27, 2017
Last Seen: April 18, 2018
OS(es) Affected: Windows

The Pytehole Ransomware is a ransomware Trojan that was first uncovered on April 28, 2017. The Pytehole Ransomware is designed to affect computer users in English-speaking regions, although English is often used on the Internet even when targeting computer users in other parts of the world. The Pytehole Ransomware is distributed mostly through corrupted email attachments delivered by spam email messages. The Pytehole Ransomware receives its name because the file used by this threat is named 'pyte-hole.exe' and seems to contain the Pytehole Ransomware's encryption engine. The Pytehole Ransomware can affect computers running both 32-bit and 64-bit versions of the Windows operating system and represents a real threat to data stored on all local drives, on removable storage devices connected to the infected computer, and in directories shared on the infected computer's network.

The Pytehole Ransomware Mainly Targets the Files Created by the Computer User

Unlike many ransomware Trojans that use Command and Control servers located on the Dark Web, out of the reach of most security specialists, the Pytehole Ransomware uses Command and Control servers on the open Web, which has allowed security researchers to respond quickly to the attack. However, the Pytehole Ransomware does use an effective strategy for taking over the victims' data, combining AES and RSA encryption to make the victims' files inaccessible. The files encrypted by the Pytehole Ransomware will be marked with the file extension '.adr,' making it easy to notice which files have been affected in the Pytehole Ransomware attack. This ransomware Trojan will target the files generated by the computer user, which include PDF files, databases, spreadsheets, text files, media files, images, and a wide variety of files created by software such as Adobe Photoshop or AutoCAD. It seems that computer users cannot decrypt the files that have been affected by the Pytehole Ransomware without the decryption key (which the con artists hold in their possession until the victim pays a ransom of 0.2 Bitcoin, or about $237 USD).

The file types that the Pytehole Ransomware and similar ransomware Trojans will target include the following:

.3dm, .3g2, .3gp, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .arw, .as, .as3, .asf, .asp, .asx, .avi, .bay, .bmp, .cdr, .cer, .class, .cpp, .cr2, .crt, .crw, .cs, .csv, .db, .dbf, .dcr, .der, .dng, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .dxg, .efx, .eps, .erf, .fla, .flv, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .kdc, .m3u, .m3u8, .m4u, .max, .mdb, .mdf, .mef, .mid, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .mrw, .msg, .nef, .nrw, .odb, .odc, .odm, .odp, .ods, .odt, .orf, .p12, .p7b, .p7c, .pdb, .pdf, .pef, .pem, .pfx, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .pst, .ptx, .r3d, .ra, .raf, .rar, .raw, .rb, .rtf, .rw2, .rwl, .sdf, .sldm, .sldx, .sql, .sr2, .srf, .srw, .svg, .swf, .tif, .vcf, .vob, .wav, .wb2, .wma, .wmv, .wpd, .wps, .x3f, .xla, .xlam, .xlk, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.
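Because the '.adr' marker and the targeted extension list above are the most visible artifacts of an infection, a responder can use them to size the damage before restoring from backup. The following triage helper is an added example, not code from the writeup or its author; it assumes the marker is appended to the original file name (for example, budget.xlsx.adr), which the writeup does not state, and the sample paths are constructed.

```python
# Triage helper for a suspected Pytehole Ransomware incident: finds files that
# carry the '.adr' marker and, assuming the marker was appended to the original
# name (budget.xlsx.adr), recovers the original type to size the damage.
import os
from pathlib import PureWindowsPath

MARKER = ".adr"
# Subset of the targeted extensions quoted in the writeup; extend as needed.
TARGETED_EXTENSIONS = {
    ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".jpg", ".jpeg",
    ".png", ".mp3", ".mp4", ".sql", ".mdb", ".psd", ".dwg", ".zip", ".pst",
    ".rtf", ".csv",
}

def classify(path):
    """Return (verdict, original_extension) for a marked file, else None."""
    p = PureWindowsPath(path)  # accepts '\\' and '/', so mounted images work too
    if p.suffix.lower() != MARKER:
        return None
    inner = PureWindowsPath(p.stem).suffix.lower()
    if inner in TARGETED_EXTENSIONS:
        return "likely_encrypted", inner
    # Marker present but no recognised inner type: keep for manual review.
    return "marker_only", inner

def triage(paths):
    """Count marked files and break likely-encrypted ones down by type."""
    summary = {"likely_encrypted": 0, "marker_only": 0, "by_type": {}}
    hits = []
    for path in paths:
        result = classify(path)
        if result is None:
            continue
        verdict, inner = result
        summary[verdict] += 1
        if verdict == "likely_encrypted":
            summary["by_type"][inner] = summary["by_type"].get(inner, 0) + 1
        hits.append((str(path), verdict, inner))
    return summary, hits

def scan_tree(root):
    """Walk a directory tree (e.g. a mounted victim drive) and triage it."""
    return triage(os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs)

# Constructed sample paths, not artifacts from the writeup.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\budget.xlsx.adr",
    r"C:\Users\alice\Pictures\holiday.jpg.adr",
    r"D:\share\db\customers.mdb.adr",
    r"C:\Users\alice\Documents\notes.ADR",   # marker, no inner type
    r"C:\Users\alice\Documents\readme.rtf",  # untouched
]
```

Run `scan_tree()` against a mounted copy of the affected drive rather than the live system, and treat the `marker_only` entries as items to inspect by hand.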

Dealing with a Pytehole Ransomware Infection

PC security researchers do not advise computer users to pay the Pytehole Ransomware ransom, despite the fact that the files cannot be recovered without the decryption key. This is because the people responsible for these attacks may ignore the payment, demand additional payments or reinfect the victims' computers. Prevention is crucial to dealing with the Pytehole Ransomware and limiting the effect of these attacks. If computer users have backups of all their files on an external memory device or in the cloud, then the people responsible for the Pytehole Ransomware attack lose any leverage over the victim that would let them demand a ransom payment. Apart from having file backups, a reliable security program that is fully up-to-date can be used to intercept the attack or remove the threat completely before restoring the files from a backup copy.
