Paradise ransomware: Now victims can get their files back for free with this decryption tool

This ransomware-as-a-service has been causing trouble for victims since 2017 - but now they don't need to pay to retrieve their files.
Written by Danny Palmer, Senior Writer

Victims of Paradise ransomware can now retrieve their files without giving in to the demands of cyber criminals thanks to a newly released decryption tool.

Researchers at cybersecurity company Emsisoft have released a free decryption tool for Paradise – a ransomware sold 'as-a-service' on the dark web which has been locking the networks of victims and holding them for ransom since September 2017.

Paradise ransomware is typically delivered inside a malicious zip attachment in phishing emails. Once the user opens the file, the ransomware unpacks itself and encrypts files on the affected computer, adding extensions including ".paradise", ".2ksys19", ".p3rf0rm4", and ".FC".


The ransomware also deletes backups for maximum impact in an effort to pressure the victim into paying the bitcoin ransom – the price of which is set by the individual attacker. 

However, thanks to the free decryption tool, victims of Paradise can now retrieve their files without paying bitcoin to cyber criminals.

The decryptor for Paradise is the latest decryption tool to come from Emsisoft; researchers also recently released a decryptor for WannaCryFake ransomware.

Ransomware attacks have remained successful throughout 2019 because victims are giving in to the demands of cyber criminals and paying the ransom in exchange for the return of their files.

That's despite warnings from the authorities not to give in to the extortion demands, because not only does paying up show hackers that ransomware works, the ransom payment could be used to fund other criminal activity.


Organisations like local governments, schools and universities, and hospitals and healthcare providers have often found themselves being targeted by ransomware attacks, which in some cases now see the criminals demand hundreds of thousands of dollars in Bitcoin for the return of the network.

In many cases, however, ransomware attacks can be prevented from doing damage in the first place by following standard cybersecurity procedure. Organisations should patch operating systems and software applications, so that they're protected against criminals exploiting known vulnerabilities.

Failure to patch is one of the most common means of ransomware and other malware successfully compromising systems, alongside insecure remote desktop protocols (RDP) being left exposed to the internet with default login credentials.

