#cybersecurity | #hackerspace |

Emsisoft releases new decryptor for Paradise ransomware

We just released a new free decryption tool for the Paradise ransomware strain. First detected in September 2017, ID Ransomware reports that it’s still getting submissions to this day.  Paradise is actively being distributed and appears to be used as a Ransomware as a Service (RaaS).

Paradise has fifty or more known extensions such as:

Chrysanthemum.jpg_Kim Chin Im_{Jtmv9w}.sev

Most of Paradise’s extensions can be decrypted, but some are still in development. Visit the Emsisoft Decryptions Tools page to verify if the decryptor cannot decrypt your files.

Important: If the decryptor does not work for your files, do not delete them. Archive them so you’re able to unlock them once a decryptor is available.


Sign-up for the Emsisoft newsletter to get notified of new decryptors as soon as they’re released. (Scroll down to the end of this post to fill out the newsletter sign-up form).

You can download the FREE decryption tool linked below. A detailed guide is also included.

Download the Paradise Decryptor here


Emsisoft Decryptor for Paradise

Technical details

Paradise is a strain of ransomware that encrypts victims’ files using Salsa20 and RSA-1024, and appends one of several extensions such as “.paradise”, “2ksys19”, “.p3rf0rm4”, and “.FC”.

The ransomware also creates different variations of ransom notes (“—==%$$$OPEN_ME_UP$$$==—.txt”) and one of them reads:

$$ $$ $$
$$ ╔╗╔╗╔╗╔╗╦╗╦╔╗╔═ $$ █████████████████████████████ $$
$$ ║║╠╣╠╝╠╣║║║╚╗╠═ $$ █─█─███───███───███────████─█ $$
$$ ╠╝║║╠╗║║╩╝╩╚╝╚═ $$ █─█─█████─█████─███─██─███──█ $$
$$ ╔╗╔╗║║╔╗╔╗╔╦╗║╦║╔╗╔╗╔═ $$ █─█─███───███───███─██─████─█ $$
$$ ╠╝╠╣╬║╚╗║║║║║║║║╠╣╠╝╠═ $$ █───█████─█████─███─██─████─█ $$
$$ ╠╗║║║╬╚╝╚╝║║║╚╩╝║║╠╗╚═ $$ ██─██─█───█─█───█─█────█─██─█ $$
$$ $$ █████████████████████████████ $$
$$ $$ $$

Your important files produced on this computer have been encrypted due a security problem.
If you want to restore then write to the online chat.

Online chat: http://prt-recovery.support/chat/6-Support
Your operator: Support
Your personal ID: [redacted]

Enter your ID and e-mail in the chat that you would immediately answered.

Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Do not attempt to use the antivirus or uninstall the program.
This will lead to your data loss and unrecoverable.
Decoders of other users is not suitable to decrypt your files – encryption key is unique.

Successful decryption of Paradise ransomware

Successful decryption of Paradise ransomware

Download the Paradise Decryptor here


Regardless of what any of the Paradise ransom notes might say, our decryption tool can help you recover your files for free. Please get in touch with our support team if you have any questions.

The post Emsisoft releases new decryptor for Paradise ransomware appeared first on Emsisoft | Security Blog.

*** This is a Security Bloggers Network syndicated blog from Emsisoft | Security Blog authored by Katherine. Read the original post at: https://blog.emsisoft.com/en/34540/emsisoft-releases-new-decryptor-for-paradise-ransomware/

Source link

Leave a Reply