Researchers Report on PayDay ransomware
PayDay ransomware is a newly identified ransomware reported by security analysts. Its sample was spotted while investigating a Trojan associated with an image from the Payday game franchise by Overkill Software. According to the malware researchers, it is based on the Hidden Tear project. This variant brings no new features, except that it mainly targets Portuguese-speaking system users, which does not mean it cannot affect users of other languages. Like traditional ransomware, it frightens victims and extorts a large ransom from them.
The Infection Flow of PayDay ransomware
Upon successful infiltration, PayDay ransomware performs a deep scan and targets almost all file types, such as audio, images, videos, PDFs, databases and documents, encrypting them with the AES-256 cipher. After encryption, all targeted files are inaccessible or unreadable. Users can easily recognize the enciphered files because the ransomware appends the ".sexy" extension to the end of the original filename. The encryption is strong and decryption is impossible without the private key. On completion of the encryption, the hackers drop a ransom note entitled "!!!!!ATENÇÃO!!!!!.html" on the desktop. The con artists behind this ransomware urge the user to pay in Bitcoin to the wallet address "1HGYr8g4Jv9EH6qgvEPFFFN9LYMkivFP7L". The ransom window displayed by PayDay ransomware is shown in the screenshot below:
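The two indicators named above (the ".sexy" suffix on every encrypted file and the ransom note "!!!!!ATENÇÃO!!!!!.html") are enough for a first triage pass over a user profile or file share. The script below is an added example, not code from the write-up or from the malware: it walks a directory tree, lists the renamed files grouped by their original extension, records where the note was dropped and returns a simple verdict. The directory layout it scans is constructed in a temporary folder so the example runs offline; the threshold of three renamed files in assess() is an assumption chosen for the demo.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the write-up; everything else here is constructed.
ENCRYPTED_EXT = ".sexy"
RANSOM_NOTE = "!!!!!ATENÇÃO!!!!!.html"


def scan_tree(root):
    """Walk root and collect PayDay-style indicators.

    Returns the encrypted files found, a count per original extension
    (what the file was before ".sexy" was appended) and the directories
    in which the ransom note was dropped.
    """
    encrypted = []
    by_original_ext = Counter()
    note_dirs = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name == RANSOM_NOTE:
                note_dirs.append(dirpath)
            elif name.endswith(ENCRYPTED_EXT):
                encrypted.append(os.path.join(dirpath, name))
                original = name[: -len(ENCRYPTED_EXT)]
                ext = os.path.splitext(original)[1].lower() or "(none)"
                by_original_ext[ext] += 1
    return {
        "encrypted": sorted(encrypted),
        "by_original_ext": dict(by_original_ext),
        "note_dirs": sorted(note_dirs),
    }


def assess(result, min_files=3):
    """Heuristic verdict: the note plus several renamed files is strong evidence.

    min_files is an assumed threshold for this demo, not a value from the page.
    """
    n = len(result["encrypted"])
    if result["note_dirs"] and n >= min_files:
        return "likely-payday"
    if result["note_dirs"] or n >= min_files:
        return "suspicious"
    return "clean"


def build_sample_tree():
    """Construct a throwaway directory that mimics an affected user profile."""
    root = tempfile.mkdtemp(prefix="payday-demo-")
    docs = os.path.join(root, "Documents")
    pics = os.path.join(root, "Pictures")
    desk = os.path.join(root, "Desktop")
    for d in (docs, pics, desk):
        os.makedirs(d)
    # Two encrypted documents and one untouched file in Documents.
    for name in ("thesis.docx.sexy", "budget.xlsx.sexy", "notes.txt"):
        with open(os.path.join(docs, name), "wb") as f:
            f.write(b"\x00" * 16)
    # One encrypted picture.
    with open(os.path.join(pics, "holiday.jpg.sexy"), "wb") as f:
        f.write(b"\x00" * 16)
    # The ransom note lands on the desktop, as the write-up describes.
    with open(os.path.join(desk, RANSOM_NOTE), "w", encoding="utf-8") as f:
        f.write("<html>constructed sample note</html>")
    return root


if __name__ == "__main__":
    result = scan_tree(build_sample_tree())
    print("verdict:", assess(result))
    print("encrypted files:", len(result["encrypted"]))
    print("by original extension:", result["by_original_ext"])
    print("ransom note in:", result["note_dirs"])
```

On a real machine, point scan_tree() at the user profile or a mapped share instead of the constructed tree; the per-extension breakdown tells you at a glance which data categories were hit before you decide between backup restore, file recovery and shadow copies.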
No Need To Pay Ransom Fee Demanded By PayDay ransomware
By displaying a scary message, the hackers ask the victim to pay a ransom fee, but paying is not the right way to get files back. The creators of such ransomware give no guarantee of delivering a decryption tool even after the large ransom is paid. By paying, you only encourage them to continue their criminal activity. File recovery is only possible from a backup. If your stored files have been locked by this ransomware, take proper action immediately and delete PayDay ransomware from the compromised machine as soon as possible.
Unethical Distribution Channels of PayDay ransomware
- Freeware packages downloaded from unsafe or untrusted sites.
- Spam messages, mail attachments and links that usually arrive from unknown senders.
- Porn, hacked or gambling sites that contain exploit code.
- Use of infected removable devices.
- Outdated anti-virus applications, drive-by downloads, malicious torrents and more.
Follow These Steps To Uninstall PayDay ransomware From the Operating System
Step A: Know How to Reboot the Windows Operating System in Safe Mode (this guide is meant for novice users).
Step B: PayDay ransomware Removal Using System Restore.
If you have trouble rebooting the operating system in Safe Mode, opt for System Restore by following the steps below. Press F8 repeatedly until the Windows Advanced Options Menu appears on the monitor, then choose "Safe Mode with Command Prompt" and press Enter.
- In the Command Prompt window, type the command cd restore and press Enter.
- Now type rstrui.exe and press Enter.
- This opens the "Restore System Files and Settings" window. Click Next to proceed.
- Select a restore point dated before the PayDay ransomware attack to return your system to its earlier state.
Step C: Another method for recovering your encrypted files is file recovery software
If the above methods are not successful, you can turn to file recovery software. It can help recover your encrypted files because PayDay ransomware first makes a copy of the original file, encrypts the copy and then deletes the original. There is therefore a high probability that file recovery software can recover your original files.
Step D: Know How to Restore Shadow Copies of Encrypted Data
In certain cases, if PayDay ransomware has not deleted the Shadow Copies of the data, they can easily be restored using ShadowExplorer. (Know how to install and use ShadowExplorer.)
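Before reaching for ShadowExplorer it helps to know whether any shadow copies actually survived, and for which volumes. The parser below is an added example, not part of the guide or of ShadowExplorer: it reads the text that the built-in Windows tool vssadmin list shadows prints and turns it into a list of records keyed by shadow copy set, creation time and original volume. The listing it parses is a constructed sample in that tool's usual layout (the GUIDs and machine name are made up), so the example runs offline; on a live machine you would feed it the real command output instead.

```python
import re

# Constructed sample in the layout "vssadmin list shadows" prints.
# GUIDs, timestamps and the machine name are invented for this demo.
SAMPLE_OUTPUT = r"""vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2013 Microsoft Corp.

Contents of shadow copy set ID: {11111111-2222-3333-4444-555555555555}
   Contained 1 shadow copies at creation time: 3/2/2018 9:15:07 AM
      Shadow Copy ID: {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}
         Original Volume: (C:)\\?\Volume{cafe0001-0000-0000-0000-000000000001}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1
         Originating Machine: WORKSTATION-01
         Service Machine: WORKSTATION-01
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: ClientAccessible
         Attributes: Persistent, Client-accessible, No auto release, No writers, Differential

Contents of shadow copy set ID: {66666666-7777-8888-9999-000000000000}
   Contained 1 shadow copies at creation time: 3/5/2018 6:40:12 PM
      Shadow Copy ID: {ffffffff-0000-1111-2222-333333333333}
         Original Volume: (D:)\\?\Volume{cafe0002-0000-0000-0000-000000000002}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2
         Originating Machine: WORKSTATION-01
         Service Machine: WORKSTATION-01
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: ClientAccessible
         Attributes: Persistent, Client-accessible, No auto release, No writers, Differential
"""

# Output vssadmin prints when the ransomware (or anything else) has wiped them all.
NO_COPIES_OUTPUT = "No items found that satisfy the query.\n"


def parse_shadow_copies(text):
    """Turn a vssadmin 'list shadows' listing into a list of dict records."""
    copies = []
    current = None
    set_id = None
    created = None
    field_labels = (
        ("original_volume", "Original Volume: "),
        ("shadow_volume", "Shadow Copy Volume: "),
        ("type", "Type: "),
        ("attributes", "Attributes: "),
    )
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Contents of shadow copy set ID: (\{[^}]+\})", line)
        if m:
            set_id = m.group(1)
            continue
        m = re.search(r"creation time: (.+)$", line)
        if m:
            created = m.group(1).strip()
            continue
        m = re.match(r"Shadow Copy ID: (\{[^}]+\})", line)
        if m:
            # Each "Shadow Copy ID" line starts a new record under the current set.
            current = {"set_id": set_id, "created": created, "shadow_id": m.group(1)}
            copies.append(current)
            continue
        if current is None:
            continue
        for key, label in field_labels:
            if line.startswith(label):
                current[key] = line[len(label):].strip()
    return copies


def volumes_with_copies(copies):
    """Drive letters (e.g. 'C:') that still have at least one shadow copy."""
    letters = set()
    for c in copies:
        m = re.match(r"\((\w:)\)", c.get("original_volume", ""))
        if m:
            letters.add(m.group(1))
    return sorted(letters)


if __name__ == "__main__":
    found = parse_shadow_copies(SAMPLE_OUTPUT)
    print(len(found), "shadow copies on volumes", volumes_with_copies(found))
    for c in found:
        print(c["created"], c["original_volume"][:4], "->", c["shadow_volume"])
    print("wiped system:", parse_shadow_copies(NO_COPIES_OUTPUT))
```

An empty result for the volume that held the encrypted files means ShadowExplorer has nothing to offer and you should move on to backups or file recovery software; a non-empty result with a creation time before the attack is the case Step D is about.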