
Pzdc Ransomware

By GoldSparrow in Ransomware

The Pzdc Ransomware is a recently spotted data-locking Trojan that takes an unusual approach. Most ransomware threats target a very wide variety of file types so as to cause maximum damage, but the authors of the Pzdc Ransomware have chosen differently. The Pzdc Ransomware only encrypts databases, which means that regular users will likely be unaffected, while businesses and various institutions will be the primary targets of this file-encrypting Trojan. The authors even state that ‘we collect money only from rich people.’

It has not been confirmed what propagation method is being used to spread the Pzdc Ransomware, but given that it mainly targets institutions and companies, it is likely that the authors of this threat are relying on phishing emails to propagate it. The Pzdc Ransomware scans the system it infiltrates, locates the databases it will target, and then encrypts them. It appends a ‘.pzdc’ extension to the affected files, so a database named ‘newborns-names.db’ will be renamed to ‘newborns-names.db.pzdc’. The Pzdc Ransomware then drops a ransom note named ‘1_VIRUS_SHIFROVALSHIK.txt’.
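The naming pattern described above (the appended ‘.pzdc’ extension and the ransom note file name) can be used to triage a suspect file tree. The following Python code is an added example, not part of the original article; the function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the description above.
LOCKED_SUFFIX = ".pzdc"
RANSOM_NOTE = "1_VIRUS_SHIFROVALSHIK.txt"

def triage(root):
    """Walk root and return (locked, notes).

    locked maps each encrypted file path to the name it had before the
    '.pzdc' suffix was appended; notes lists ransom-note paths.
    """
    locked, notes = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lowered = name.lower()  # compare case-insensitively
            if lowered == RANSOM_NOTE.lower():
                notes.append(path)
            elif lowered.endswith(LOCKED_SUFFIX) and len(name) > len(LOCKED_SUFFIX):
                # Strip only the appended suffix to recover the original name.
                locked[path] = name[:-len(LOCKED_SUFFIX)]
    return locked, notes

def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming."""
    root = Path(root)
    (root / "db").mkdir()
    (root / "docs").mkdir()
    for rel in ("db/newborns-names.db.pzdc", "db/orders.SQLITE.PZDC",
                "db/1_VIRUS_SHIFROVALSHIK.txt", "docs/report.txt",
                "docs/.pzdc"):  # a bare '.pzdc' has no original name; ignored
        (root / rel).touch()
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        locked, notes = triage(build_sample_tree(tmp))
        for path, original in sorted(locked.items()):
            print(f"locked: {path} (was {original})")
        for note in notes:
            print(f"ransom note: {note}")
```

The list of recovered original names gives a quick inventory of which databases need to be restored from backup.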

The ransom message is available in both English and Russian. In the note, the authors of the Pzdc Ransomware ask for 100 Monero (approximately $9,150 at this time) as a ransom fee, which is a rather hefty sum. To get in touch with the attackers and pay the ransom fee, the victim has to download and install the TOR browser, because this is the only Web browser that grants access to the Deep Web, where the Runion portal used by the attackers is hosted. Their Web page is called Runion, a play on ‘Russian’ and ‘onion’, the domain suffix used on the Deep Web. The victim can contact the attackers via a chat box available at the bottom of the page.

We recommend that you keep your distance from cybercriminals in all instances. If you have become a victim of the Pzdc Ransomware, you should use a reputable anti-virus application to clear your system of this nasty pest.

