PAAS Ransomware, Another Member of the STOP/Djvu Ransomware Family, Holds Victims’ Files Hostage & Demands a Ransom
Most of the tech-related headlines we see cover larger ransomware attacks, such as the Colonial Pipeline attack in May of 2021 and the attack against the Irish Healthcare System later that same month, but these represent only a small portion of the total ransomware attacks seen globally. Ransomware attacks also victimize individual users, and one major reason for that is the STOP/Djvu Ransomware family.
This prolific ransomware group seems to unleash an updated version of its malicious code on what feels like a daily basis. Among the more recent additions to the family is PAAS Ransomware, which received its name because it appends the ‘.PAAS’ suffix to the files it affects. This strain works identically to the other members of the STOP/Djvu Ransomware family. Like most other ransomware strains, it spreads mostly via spam emails, social engineering, and compromised websites.
The PAAS Ransomware Experience
Users unknowingly download PAAS Ransomware and suddenly find that their personal files have been encrypted and rendered inaccessible. They will notice that the ‘.PAAS’ suffix has been appended to the affected files and that a ransom note now exists on their desktop in the form of the ‘_readme.txt’ document. The hackers request a payment of $980 for file decryption but are willing to lower that request to $490 in return for prompt payment within 72 hours.
The ransomware owners also provide the victim with contact information in the form of two email addresses, helpteam@mail.ch and helpmanager@airmail.cc. Should victims communicate via the addresses provided, they will be asked to send one locked file to be decrypted for free as proof that the ransomware operators can unlock the victim’s files after receiving payment. We strongly recommend that you do not communicate with the hackers and that you refrain from paying any ransom, as paying does not guarantee file decryption or a resolution to the problem.
If your files were encrypted with an offline encryption key, it might be possible to get them back with a public decryption tool developed for the STOP Ransomware infection. However, if PAAS Ransomware used an online encryption key, getting the files back becomes almost impossible. Therefore, we strongly recommend users keep backups of their files to mitigate the trouble caused by the ransomware infection. Additionally, we also recommend that you use a reputable anti-malware tool to regularly scan for and remove infections like PAAS Ransomware from your system.
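The indicators described above (the ‘.PAAS’ suffix, the ‘_readme.txt’ note and the two contact addresses) can be used to scope an infection and list which files need to come back from backup. The following Python sketch is an added example, not code from any STOP/Djvu tool or vendor; the function names, the case-insensitive suffix match and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators quoted in the article above.
SUFFIX = ".paas"            # assumption: matched case-insensitively
NOTE_NAME = "_readme.txt"
CONTACTS = ("helpteam@mail.ch", "helpmanager@airmail.cc")


def triage(root):
    """Walk `root` and collect PAAS indicators for incident scoping."""
    report = {"encrypted": [], "restore_from_backup": [],
              "notes": [], "notes_with_contacts": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(SUFFIX) and len(name) > len(SUFFIX):
                report["encrypted"].append(path)
                # Original name = encrypted name minus the appended suffix.
                report["restore_from_backup"].append(
                    path.with_name(name[:-len(SUFFIX)]))
            elif lower == NOTE_NAME:
                report["notes"].append(path)
                try:
                    text = path.read_text(encoding="utf-8", errors="replace")
                except OSError:
                    continue  # unreadable note: still counted in "notes"
                if any(addr in text.lower() for addr in CONTACTS):
                    report["notes_with_contacts"].append(path)
    return report


def build_sample_tree(root):
    """Constructed sample data: two renamed files, one note, one clean file."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / "docs" / "budget.xlsx.PAAS").write_bytes(b"\x00" * 16)
    (root / "docs" / "photo.jpg.paas").write_bytes(b"\x00" * 16)
    (root / "docs" / "notes.txt").write_text("untouched")
    (root / "_readme.txt").write_text("Contact: helpteam@mail.ch (constructed)")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for key, paths in triage(build_sample_tree(tmp)).items():
            print(key, [str(p) for p in paths])
```

The `restore_from_backup` list holds the pre-encryption path of each affected file, which is the set to pull from backups once the infection has been removed.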
If you are still having trouble, consider contacting a remote technical support service.