Recognizer Ransomware
There is recent ransomware on the loose, called the Recognizer Ransomware. The first instances of infections were spotted in late March 2019. The Recognizer Ransomware belongs to the family of the Paradise file-encrypting ransomware, with relatively small changes made to the threat's code.
Upon encryption, the ransomware appends a somewhat unusual, long extension to the resulting files. For example, once encrypted, a file named "picture.jpg" will become "picture.jpg_ _{file@p-security.li}.Recognizer". Upon execution, the Recognizer Ransomware opens a new window on the system and creates a ransom note called "Instructions with your files.txt" on the desktop. The pop-up window contains the following text:
'All your files have been encrypted!
Paradise Ransomware
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail file@p-security.li
You PC id:
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee
Before payment you can send us 1-3 files for free decryption.
Please note that files must NOT contain valuable information.
The file size should not exceed 1MB.
As evidence, we can decrypt one file
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.net/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
You are guaranteed to get the decryptor after payment
As evidence, we can decrypt one file
Do not attempt to use the antivirus or uninstall the program
This will lead to your data loss and unrecoverable
Decoders of other users is not suitable to decrypt your files - encryption key is unique'
The ransom note itself is much shorter and reads as follows:
'All your files have been encrypted contact us via the e-mail listed below.
e-mail: file@p-security.li or e-mail: fileparadise@cock.li
Paradise Ransomware team.'
As far as ransomware goes, this has become a pretty standard procedure by now. The bad actors behind the new strains of ransomware have shifted to giving no specific ransom demand in the notes gradually. Instead, the victim is expected to contact them by email to find what the ransom is. According to reports, the bad actors behind the Recognizer Ransomware usually set the ransom in the $500 - $1500 range.
Currently, there is no decryption tool for the Recognizer Ransomware, and the only viable option for data recovery is restoring from a backup.
