The Paradise Ransomware is an encryption ransomware Trojan first observed in the second week of September 2017. It is part of a Ransomware as a Service (RaaS) platform that includes threats such as TeslaWare. These services let con artists pay a third party to create and manage ransomware Trojans, which they can customize and distribute depending on the targets they want to attack. The people responsible for the RaaS receive a percentage of the profits while taking care of managing payments and keeping the Trojans up to date.

The person hiring the services of the RaaS can choose the way they will distribute the Paradise Ransomware. Some common ways of distributing these threats include corrupted spam email attachments and various compromised online websites and content.

Following infiltration, Paradise encrypts stored data using RSA-1024 cryptography and appends the “id-[affiliate_id].[affiliate_email].paradise” extension to the names of encrypted files. For example, “sample.jpg” might be renamed to a filename such as “sample.jpgid-3VwVCmhU.[info@decrypt.ws].paradise”. Following successful encryption, Paradise creates three text files (“PARADISE_README_paradise@all-ransomware.info.txt”, “Files.txt”, “Failed.txt”, and “#DECRYPT MY FILES#.txt”) and places them on the desktop.
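The naming scheme and note names above are enough to triage a file listing during incident response. The following Python sketch is an added example, not code from this article or from any vendor tool: the function names and sample paths are constructed, the `PARADISE_README_` prefix match assumes the address after the prefix varies per affiliate, and the generic names `Files.txt` and `Failed.txt` are only reported when a stronger indicator sits in the same folder.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Rename scheme from the text: <original name>id-<affiliate_id>.[<affiliate_email>].paradise
RENAMED = re.compile(
    r"^(?P<original>.+?)id-(?P<affiliate_id>[^.\[\]]+)"
    r"\.\[(?P<email>[^\[\]@]+@[^\[\]]+)\]\.paradise$", re.IGNORECASE)
STRONG_NOTES = {"#decrypt my files#.txt"}
WEAK_NOTES = {"files.txt", "failed.txt"}   # generic names, need corroboration
README_PREFIX = "paradise_readme_"         # assumption: text after the prefix varies


def classify(path):
    """Return (kind, detail) for one Windows path, or None if nothing matches."""
    name = PureWindowsPath(path).name
    m = RENAMED.match(name)
    if m:
        return "encrypted", m.groupdict()   # original name, affiliate id, email
    low = name.lower()
    if low in STRONG_NOTES or (low.startswith(README_PREFIX) and low.endswith(".txt")):
        return "note", name
    if low in WEAK_NOTES:
        return "weak", name
    return None


def _folder(path):
    return str(PureWindowsPath(path).parent).lower()


def triage(paths):
    """Keep strong hits, plus weak names only when their folder has a strong hit."""
    found = [(p, *r) for p in paths if (r := classify(p))]
    strong_dirs = {_folder(p) for p, kind, _ in found if kind != "weak"}
    hits = [h for h in found if h[1] != "weak" or _folder(h[0]) in strong_dirs]
    affiliates = Counter((d["affiliate_id"], d["email"]) for _, k, d in hits if k == "encrypted")
    return {"hits": hits, "affiliates": affiliates}


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\a\Pictures\sample.jpgid-3VwVCmhU.[info@decrypt.ws].paradise",
    r"C:\Users\a\Desktop\#DECRYPT MY FILES#.txt",
    r"C:\Users\a\Desktop\Failed.txt",
    r"C:\Projects\build\Files.txt",        # generic name with no strong hit nearby
]

if __name__ == "__main__":
    print(*triage(SAMPLE)["hits"], sep="\n")
```

Grouping hits by affiliate id and e-mail address shows whether one or several Paradise builds touched the host, and the recovered original names give the list of files to restore from backup.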

Paradise malware has never been among the most dangerous cyber threats. However, its developers decided to come back with a new version. Security experts uncovered that in early March the new version started appending the [id-].[support@all-ransomware.info].sell file extension. Later versions still use the same unbreakable encryption method, so only backups allow a full recovery after a Paradise attack. Following the encryption, it also delivers a ransom note called #DECRYPT MY FILES# .html. The crooks ask for the ransom to be paid in Bitcoin.

When Paradise ransomware infects your computer, it scans all the drive letters for targeted file types, encrypts them, and then appends an extension to them. Once these files are encrypted, they can no longer be opened by your normal programs. When the ransomware has finished encrypting the victim’s files, it creates a pop-up ransom note that includes instructions on how to make a payment.

How to protect your PC against Paradise ransomware?

The main reasons for computer infections are poor knowledge and careless behavior. Therefore, be cautious when browsing the Internet. Never open files received in suspicious emails or download software from unofficial sources. If possible, select the direct download URL rather than using third-party downloaders, since these tools often bundle malicious or potentially unwanted apps. Furthermore, keep installed applications up to date and use a legitimate anti-virus/anti-spyware suite. The key to computer safety is caution.

For more cybersecurity information contact us at help@theweborion.com