Security experts at Emsisoft have developed a tool to decrypt files encrypted by the Paradise ransomware.
This ransomware family encrypts files using Salsa20 and RSA-1024, and it appends one of several extensions to their filenames.
“The Paradise ransomware encrypts victims using Salsa20 and RSA-1024, and appends one of several extensions such as “.paradise”, “2ksys19”, “.p3rf0rm4”, and “.FC”.” reads the post published by Emsisoft.
Below is an example of a ransom note shared by the experts at Emsisoft.
Filename = “—==%$$$OPEN_ME_UP$$$==—.txt”
WHAT HAPPENED!
Your important files produced on this computer have been encrypted due a security problem.
If you want to restore then write to the online chat.
Contact!
Online chat: http://prt-recovery.support/chat/6-Support
Your operator: Support
Your personal ID: [redacted]
Enter your ID and e-mail in the chat that you would immediately answered.
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Do not attempt to use the antivirus or uninstall the program.
This will lead to your data loss and unrecoverable.
Decoders of other users is not suitable to decrypt your files - encryption key is unique.
The decryptor for the ransomware is available at the following URL:
https://www.emsisoft.com/ransomware-decryption-tools/download/paradise
Emsisoft recently released a new free decryption tool for the STOP (Djvu) ransomware, and in recent months the research team has helped victims of many other threats.
The company has released several decryptors in recent months; in September it published a free decryption tool for the Avest ransomware.
In August, security researchers at Emsisoft released a decryptor tool that allows the victims of the JSWorm 4.0 ransomware to decrypt their files for free. In May Emsisoft experts released a free Decrypter tool for the JSWorm 2.0 variant.
In July the company released other free decryptors for the LooCipher ransomware, the ZeroFucks ransomware, and the Ims00rry ransomware.
(SecurityAffairs – ransomware, malware)