A free decryption tool for a form of ransomware that has been plaguing victims since 2017 has just been updated with additional capabilities to make it more effective at recovering encrypted files – without the need to give in to the demands of cyber criminals.
Paradise ransomware typically arrives in a malicious document attached to a phishing email, which, if executed, will encrypt the victim's files. Crooks then demand a ransom paid in bitcoin for their return.
Extensions of files locked with Paradise typically include ".paradise", ".2ksys19", ".p3rf0rm4", and ".FC" – and the ransomware can also encrypt backups in a move designed to ensure that the victim gives in and pays the ransom.
Security researchers at Emsisoft first released a free decryption tool for Paradise ransomware in November last year – and now they've updated it with additional capabilities to make it even more effective. Now the Paradise ransomware decryption tool can also decrypt files locked with ".stub", ".corp" and ".vacv2" extensions.
The decryption tool can be downloaded directly from Emsisoft and, as of January 2020, has been downloaded over 11,000 times. The Paradise decryptor is also downloadable via Europol's 'No More Ransom' portal.
Paradise is sold to prospective criminal users 'as-a-service', providing those distributing it in their own campaigns with a simple means of deploying attacks and collecting ransoms – with the original authors taking a cut of any ransoms that are paid.
Researchers at Bitdefender – who've also released a free decryptor for Paradise – note that when executed on a Windows machine, the ransomware will check whether the keyboard language is set to Russian, Kazakh, Belarusian or Ukrainian. If this is the case, the ransomware won't encrypt files and exits the system, something that likely points to the authors being from somewhere in this part of the world.
While victims of Paradise have the option to retrieve their encrypted files for free, ransomware remains successful because, despite warnings from the authorities not to, a significant number of the organisations that fall foul of ransomware opt to give in to the extortion demands of cyber criminals.
In many cases, organisations resort to this because they don't have backups – or the ransomware has also encrypted their backups as part of the attack – and want to get their operations resumed as soon as possible. However, by making sure they have regularly updated offline backups of their systems, organisations can avoid falling victim to this kind of malware.