Payfast Ransomware is Another Variant of the Powerful ZEPPELIN Ransomware
Attackers often encrypt a victim’s files using methods that include asymmetric cryptography and then present their demands for ransom payments in return for a unique decryption key that should restore affected files.
The countless ransomware strains populating the cybersphere today generally spread via spam emails. These emails typically contain an infected attachment disguised as a legitimate file, which initiates the download of the malicious code once the victim opens it. Ransomware can also be distributed via malicious sites on the dark web and drive-by downloads.
One of the more dangerous strains of malware out there is known as Payfast Ransomware. Payfast Ransomware is a variant of the better-known ZEPPELIN Ransomware strain. Victims will know that they are infected with Payfast Ransomware because “.payfast” and the specific identification number assigned to the victim are appended to all affected files. The hackers behind Payfast Ransomware will also drop a ransom note on the victim’s desktop named “!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT”.
The hackers behind Payfast Ransomware are looking for a quick score of $500 in Bitcoin. They request that the funds be transferred to the crypto-wallet provided and warn that the ransom amount will rise the next day if not paid immediately. Like other ransomware infections, including those in the STOP/Djvu family, the hackers offer to decrypt one file for free via the email payfast500@mail2tor.com. The hackers then promise to provide the decryption key needed to recover the data once the ransom has been fully paid.
Mitigating Damages and Preventing the Payfast Ransomware Infection
Although it always seems easiest to play ball with hackers and pay up, we never recommend victims do so. There is no guarantee that you will receive a decryption key for the files, and complying with their requests only encourages the criminals to continue with their schemes. Instead, we recommend that you scan your system and remove infections like Payfast Ransomware using a reputable malware remediation tool.
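To scope an infection before cleanup, the two indicators described above (the “.payfast” marker in file names and the ransom note) can be inventoried across a drive or share. The following is an added example, not code from the article or from any vendor tool; it assumes the victim ID, when present in the file name, follows “.payfast” as one more dot-separated component, and the sample tree and ID are constructed.

```python
import os
import re
import tempfile
from collections import defaultdict

# Indicators taken from the article; the note name is compared ignoring case and spaces.
NOTE_KEY = "!!!ALLYOURFILESAREENCRYPTED!!!.TXT"
# Assumption: an optional victim ID follows ".payfast" as one dot-separated
# component. The article does not spell out the exact layout.
MARKER = re.compile(r"\.payfast(?:\.(?P<vid>[^.]+))?$", re.IGNORECASE)

def scan(root):
    """Walk root; return (files grouped by victim ID, note paths, affected dirs)."""
    hits = defaultdict(list)   # victim ID ("" if absent) -> renamed file paths
    notes, dirs = [], set()
    for dirpath, _subdirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            full = os.path.join(dirpath, name)
            if re.sub(r"\s+", "", name).upper() == NOTE_KEY:
                notes.append(full)
                continue
            match = MARKER.search(name)
            if match:
                hits[match.group("vid") or ""].append(full)
                dirs.add(dirpath)
    return dict(hits), sorted(notes), sorted(dirs)

def build_sample(root):
    """Constructed sample tree: two renamed files, one note, one clean file."""
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("report.docx.payfast.AAA-111",   # constructed victim ID
                 "budget.xlsx.payfast.AAA-111",
                 "payfast-invoice.pdf",           # benign name, must not match
                 "!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT"):
        open(os.path.join(docs, name), "w").close()
    return docs

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        hits, notes, dirs = scan(tmp)
        for vid, paths in hits.items():
            print(f"ID {vid or '(none)'}: {len(paths)} renamed file(s)")
        print("Ransom notes:", notes)
        print("Affected directories:", dirs)
```

More than one victim ID in the results, or renamed files on a network share, means the inventory should be extended to other hosts before restoring from backup.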