PAHD Ransomware from the STOP/Djvu Ransomware Family Demands $980 for File Decryption
On June 4th 2021, the FBI published an “FBI Statement on Recent Ransomware Attacks” on their official government website detailing the growth of ransomware-related cybercrimes. Over the past few years, there has been a steady rise in hacking incidents, and this is likely to continue as trends including cyber insurance compel well funded hacking syndicates to aim at larger targets. As technology advances at a breakneck pace, so does the ability for hackers to use these advancements to their advantage.
Ransomware is a type of malware that encrypts data and then demands a ransom to be paid to decrypt it. What started as an issue primarily affecting home users has expanded to include businesses, schools, hospitals, and other organizations. The evolution of ransomware, its proliferation, and the ramifications are numerous.
Among the better-known ransomware families is the STOP/Djvu ransomware group. It seems to unleash new versions of its infections regularly.
Most varieties within the STOP/Djvu ransomware family work almost identically but are distinguished by a unique four-letter designation. The four-letter sequence is used as an extension that is appended to every single encrypted file. This time, our main character is PAHD Ransomware, which is yet another addition to the ransomware group and, like its other ransomware variants, it’s mostly spread via spam, exploit kits and compromised websites.
PAHD Ransomware adds the .PAHD suffix to the affected files and leaves a ‘_readme.txt‘ ransom note on the user’s desktop. The ransom note requires the affected user to pay $490 for file decryption, and it also gives additional information that the victim can use to contact the criminals.
The ransomware creators offer to decrypt one file as a test. It is supposed to prove that their decryption key works. Allegedly, victims can use the email@example.com and firstname.lastname@example.org to contact the people behind PAHD Ransomware and send that one file for decryption. Nevertheless, contacting the criminals does not necessarily mean that they will decrypt the affected files even if victims transfer the payment. Therefore, it is not advised to communicate with the perpetrators.
The PAHD Ransomware ransom note says the following: ATTENTION! Don’t worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Some of the files locked by PAHD Ransomware could be decrypted using a public decryption tool for STOP Djvu Ransomware infections, provided they were encrypted with an offline encryption key. However, there is a chance that a public file decryptor may not work, so it is always highly recommended to keep backups of your files as a measure of protection against ransomware. Although the criminals behind PAHD Ransomware may tell you that you will get a decryption tool once you pay the ransom, it is very likely that they will just take the payment and make a run for it. Therefore, it is recommended to remove PAHD Ransomware with a powerful anti-malware tool.
If you are still having trouble, consider contacting remote technical support options.