Servicedeskpay@protonmail.com Ransomware
Threat Scorecard
Threat Level: 100 % (High)
Infected Computers: 1
First Seen: August 16, 2018
Last Seen: August 21, 2018
OS(es) Affected: Windows
The 'Servicedeskpay@protonmail.com' Ransomware is an encryption ransomware Trojan that was first observed on July 26, 2018. It is one of the many variants in the Scarab family, a large family of ransomware that has been around for at least a year and that saw an explosion in the number of variants released between Spring and Summer of 2018. The 'Servicedeskpay@protonmail.com' Ransomware is almost identical to the many other encryption ransomware Trojans active today: it uses AES-256 encryption to make the victim's files inaccessible and then demands a ransom payment from the victim in exchange for the decryption key needed to restore the affected files.
Why the 'Servicedeskpay@protonmail.com' Ransomware Encrypts Your Files
The 'Servicedeskpay@protonmail.com' Ransomware is typically delivered to victims through corrupted email attachments, often taking the form of DOCX and PDF files containing embedded macro scripts that download and install the 'Servicedeskpay@protonmail.com' Ransomware onto the victim's computer. The 'Servicedeskpay@protonmail.com' Ransomware targets the following file types in its attacks:
.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.
The 'Servicedeskpay@protonmail.com' Ransomware's Ransom Demand
The 'Servicedeskpay@protonmail.com' Ransomware marks the files it encrypts by adding the file extension '.sdk' to the file's name. It delivers a ransom note in the form of a text file named 'HOW TO RECOVER ENCRYPTED FILES.TXT', which is dropped on the infected computer's desktop after the victim's files have been encrypted. The text of the 'Servicedeskpay@protonmail.com' Ransomware ransom note reads:
'Your files are now encrypted!
Your personal identifier:
[random characters]
All your files have been encrypted due to a security problem with your PC.
Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
Contact us using this email address: servicedeskpay@protonmail.com
Free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 10Mb (non archived), and files should not contain
valuable information (databases, backups, large excel sheets, etc.).
How to obtain Bitcoins?
* The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click
'Buy bitcoins', and select the seller by payment method and price:
hxxps://localbitcoins[.]com/buy_bitcoins
* Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk[.]com/information/how-can-i-buy-bitcoins
Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
PC security researchers advise the use of file backups to ensure that your files are protected from threats like the 'Servicedeskpay@protonmail.com' Ransomware.
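The two file-system indicators described above (the '.sdk' marker extension and the 'HOW TO RECOVER ENCRYPTED FILES.TXT' note) can be used to scope an incident. The following triage script is an added example, not code from EnigmaSoft; the function names, the threshold, the sample tree and the assumption that the original extension stays visible before the appended '.sdk' are all hypothetical.

```python
import os
import tempfile

# Indicators taken from the description above.
NOTE_NAME = "how to recover encrypted files.txt"
MARKER_EXT = ".sdk"
# Assumption: original extension stays visible before the marker; subset of the listed types.
TARGETED = {".docx", ".xlsx", ".pdf", ".jpg", ".bak", ".sql", ".zip", ".pst"}

def scan_tree(root):
    """Walk root and collect ransom notes and files carrying the '.sdk' marker."""
    notes, strong, weak = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(MARKER_EXT):
                # 'report.docx.sdk' is strong evidence; a bare 'x.sdk' is weak.
                inner_ext = os.path.splitext(lower[: -len(MARKER_EXT)])[1]
                (strong if inner_ext in TARGETED else weak).append(path)
    return {"notes": notes, "strong": strong, "weak": weak}

def verdict(result, min_marked=3):
    """Classify a scan: a note plus several marked files is a likely infection."""
    marked = len(result["strong"]) + len(result["weak"])
    if result["notes"] and marked >= min_marked:
        return "likely-infected"
    if result["notes"] or result["strong"]:
        return "suspicious"
    return "clean"

def build_sample_tree(root):
    """Constructed sample: empty files named like the indicators, no real data."""
    layout = {
        "Desktop": ["HOW TO RECOVER ENCRYPTED FILES.TXT", "notes.txt"],
        "Documents": ["budget.xlsx.sdk", "report.docx.sdk", "scan.pdf.sdk"],
        "Dev": ["platform.sdk"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = scan_tree(tmp)
        print(verdict(found), {k: len(v) for k, v in found.items()})
```

A bare '.sdk' file with no note present is reported as clean here because the suffix alone is weak evidence; lower `min_marked` or review the `weak` list when scanning shares where only a few files were reached.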