Emsisoft released a free decryption tool for Paradise ransomware

Researchers at Emsisoft firm has released a new free tool to decrypt files encrypted by the Paradise ransomware

Security experts at Emsisoft have developed a tool to decrypt files encrypted by the Paradise ransomware.

This ransomware family encrypts files using Salsa20 and RSA-1024 and it appends several extensions to theis filenames.

“The Paradise ransomware encrypts victims using Salsa20 and RSA-1024, and appends one of several extensions such as “.paradise”, “2ksys19”, “.p3rf0rm4”, and “.FC”.” reads the post published by Emsisoft.

Below an example of a ransom note shared by the experts at Emsisoft.

Filename = “—==%$$$OPEN_ME_UP$$$==—.txt”

WHAT HAPPENED!
Your important files produced on this computer have been encrypted due a security problem.
If you want to restore then write to the online chat.

Contact!
Online chat: http://prt-recovery.support/chat/6-Support
Your operator: Support
Your personal ID: [redacted]

Enter your ID and e-mail in the chat that you would immediately answered.

Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Do not attempt to use the antivirus or uninstall the program.
This will lead to your data loss and unrecoverable.
Decoders of other users is not suitable to decrypt your files - encryption key is unique.

The decryptor for the ransomware is available at the following URL:

https://www.emsisoft.com/ransomware-decryption-tools/download/paradise

Recently Emsisoft firm has released a new free decryption tool the STOP (Djvu) ransomware, in the last months, the research team helped victims of many other threats.

The company released several decryptors in the recent months, in September it published a free decryption tool for the Avest ransomware

In August, security researchers at Emsisoft released a decryptor tool that allows the victims of the JSWorm 4.0 ransomware to decrypt their files for free. In May Emsisoft experts released a free Decrypter tool for the JSWorm 2.0 variant.

In July the company released other free decryptors for the LooCipher ransomware, the ZeroFucks ransomware, and the Ims00rry ransomware.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – ransomware, malware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.