Pay2Key Ransomware

Posted: November 9, 2020

Pay2Key Ransomware Description

The Pay2Key Ransomware is a file-locking Trojan that blocks the data on companies' networks while generating unique ransom notes for each victim. Its attacks use RDP for initial infection and network access, which admins can partially prevent by keeping all relevant software updated and avoiding weak passwords. Businesses without appropriate backups may have no other recovery options, although Windows security solutions may remove the Pay2Key Ransomware in time.

An Hour is All It Takes for a Hundred Thousand Dollar Attack

The appearance of a file-locker Trojan whose code is unrelated to any past family always affects the threat landscape. It does so even more when the Trojan, like the Pay2Key Ransomware, has well-defined targets and operational procedures. While its method of blocking data is standard, this Trojan sets itself apart from similar threats through unorthodox programming and an unusual choice of victims.

The fundamentals of the Pay2Key Ransomware's payload are driven by an associated configuration file, which defines the Trojan's encryption targets by format, the extension it adds to files after blocking them, and its ransom note. However, it retains most of its attack capabilities without that file and merely reverts to default settings (such as the 'enc' extension). As usual, its encryption routine combines AES with RSA and cannot be undone by third-party decryption tools.

The Pay2Key Ransomware's programmer shows an interest in what malware experts rate as unusual programming choices. Examples of this creativity include retaining server connectivity during encryption, funneling all C&C contact through a single proxy on the victim's network, and using less popular or customized containers and functions. After compromising the target by hijacking the Remote Desktop feature, the attacker spreads the Pay2Key Ransomware to the rest of the network in roughly one hour, usually during a time of low user activity (such as the middle of the night). The Pay2Key Ransomware delivers its ransom note after sabotaging the files, with average ransoms starting at ninety thousand dollars.
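The single-proxy C&C design described above has a network-side signature a defender can look for: one internal host receives connections from many internal peers and is the only one of them that talks to the outside. The following script is an added illustration, not code from the original page or from the Pay2Key campaign; the flow records, the private-range definition and the `min_peers` threshold are all constructed assumptions.

```python
"""Added example (not part of the original page): flag an internal host that
behaves like a C&C relay, i.e. several internal peers connect to it and it
alone opens connections to external addresses. Flow records below are
constructed sample data; thresholds are assumptions."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed definition of "internal": RFC 1918 ranges.
PRIVATE_NETS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]


def is_internal(ip: str) -> bool:
    """True when the address falls inside one of the private ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


# Constructed flow records: (source, destination, destination port).
# 10.0.0.50 plays the relay; 10.0.0.5 is a normal file server that is
# popular internally but never talks out, so it must NOT be flagged.
SAMPLE_FLOWS = [
    ("10.0.0.11", "10.0.0.50", 443),
    ("10.0.0.12", "10.0.0.50", 443),
    ("10.0.0.13", "10.0.0.50", 443),
    ("10.0.0.14", "10.0.0.50", 443),
    ("10.0.0.50", "203.0.113.7", 443),  # only the relay reaches outside
    ("10.0.0.11", "10.0.0.5", 445),
    ("10.0.0.12", "10.0.0.5", 445),
    ("10.0.0.13", "10.0.0.5", 445),
    ("10.0.0.14", "10.0.0.5", 445),
    ("10.0.0.5", "10.0.0.2", 53),
]


def find_relay_candidates(flows, min_peers: int = 3) -> dict:
    """Return {host: {"peers": [...], "external": [...]}} for internal hosts
    that (a) are contacted by at least min_peers internal hosts which do not
    talk externally themselves and (b) open external connections."""
    inbound_peers = defaultdict(set)       # internal dst -> internal srcs
    outbound_external = defaultdict(set)   # internal src -> (ext dst, port)
    for src, dst, port in flows:
        if is_internal(src) and is_internal(dst):
            inbound_peers[dst].add(src)
        elif is_internal(src):
            outbound_external[src].add((dst, port))

    candidates = {}
    for host, peers in inbound_peers.items():
        if host not in outbound_external:
            continue  # popular internally, but never reaches outside
        # Peers that browse the web themselves are ordinary clients;
        # the suspicious pattern is peers that only talk via this host.
        quiet_peers = {p for p in peers if p not in outbound_external}
        if len(quiet_peers) >= min_peers:
            candidates[host] = {
                "peers": sorted(quiet_peers),
                "external": sorted(outbound_external[host]),
            }
    return candidates


if __name__ == "__main__":
    for host, info in find_relay_candidates(SAMPLE_FLOWS).items():
        print(f"possible relay {host}: peers={info['peers']} external={info['external']}")
```

On real data, feed the function from NetFlow, Zeek `conn.log` or firewall exports, and tune `min_peers` to the size of the segment; a true proxy server or NAT gateway will also match, so the result is a triage list rather than a verdict.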

Knocking Middle Eastern Trojans Off Their Comfortable Footing

Some of the Pay2Key Ransomware's naming conventions may confuse victims. It isn't related to the Pay 2 Key UTXO token contract, despite the threat actor's appropriating that project's imagery for their Keybase account. Samples also imply that the Pay2Key Ransomware previously called itself Cobalt, but malware experts see no ties between it and the Cobalt backdoor Trojan or Cobalt Strike.

Israel-based companies are highly at risk from this threat, which has yet to appear outside of that nation. Technically, however, its features apply just as well to Windows users around the world and to any other insufficiently secured business network. Admins should check RDP for security, apply security updates promptly, and avoid potentially corrupted e-mail downloads, such as macro-using documents.
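Because the intrusion chain on this page starts with a hijacked Remote Desktop session and the spread happens at night, one practical form of "checking RDP" is to review the Windows Security log for remote logons that follow a run of failures or fall outside working hours. The script below is an added example, not code from the original page; the event IDs 4624 (successful logon, logon type 10 being RemoteInteractive, i.e. RDP) and 4625 (failed logon) are real Windows IDs, while the sample records, host names, working hours and thresholds are constructed assumptions.

```python
"""Added example (not part of the original page): triage constructed Windows
Security log events for the RDP pattern described in the write-up, i.e.
repeated failed logons from one source followed by a successful remote
logon, and remote logons at off-hours. Records and thresholds are assumed."""
from collections import defaultdict
from datetime import datetime, timedelta

BUSINESS_START, BUSINESS_END = 7, 20   # assumed local working hours
FAIL_THRESHOLD = 5                     # assumed password-guessing threshold
FAIL_WINDOW = timedelta(minutes=10)    # look-back window before a success

# Constructed events in the shape of parsed Security log records.
# Note: with Network Level Authentication enabled, failed RDP attempts are
# usually logged as 4625 with logon type 3, so failures are counted per
# source regardless of type; only the success is filtered on type 10.
SAMPLE_EVENTS = [
    {"time": "2020-11-08T02:10:00", "id": 4625, "logon_type": 3, "user": "admin", "src_ip": "198.51.100.23", "host": "FS01"},
    {"time": "2020-11-08T02:11:00", "id": 4625, "logon_type": 3, "user": "admin", "src_ip": "198.51.100.23", "host": "FS01"},
    {"time": "2020-11-08T02:12:00", "id": 4625, "logon_type": 3, "user": "admin", "src_ip": "198.51.100.23", "host": "FS01"},
    {"time": "2020-11-08T02:13:00", "id": 4625, "logon_type": 3, "user": "admin", "src_ip": "198.51.100.23", "host": "FS01"},
    {"time": "2020-11-08T02:14:00", "id": 4625, "logon_type": 3, "user": "admin", "src_ip": "198.51.100.23", "host": "FS01"},
    {"time": "2020-11-08T02:16:30", "id": 4624, "logon_type": 10, "user": "admin", "src_ip": "198.51.100.23", "host": "FS01"},
    {"time": "2020-11-08T09:30:00", "id": 4624, "logon_type": 10, "user": "jsmith", "src_ip": "10.0.0.40", "host": "FS01"},
    {"time": "2020-11-08T10:00:00", "id": 4624, "logon_type": 2, "user": "jsmith", "src_ip": "-", "host": "FS01"},
]


def off_hours(ts: datetime) -> bool:
    """True when the timestamp falls outside the assumed working hours."""
    return not (BUSINESS_START <= ts.hour < BUSINESS_END)


def triage_rdp(events) -> list:
    """Return one alert per successful RDP logon (4624 / type 10) that either
    follows FAIL_THRESHOLD failures from the same source within FAIL_WINDOW
    or happens outside working hours. Each alert lists its reasons."""
    alerts = []
    failures = defaultdict(list)  # (src_ip, host) -> failure timestamps
    for e in sorted(events, key=lambda ev: ev["time"]):
        ts = datetime.fromisoformat(e["time"])
        key = (e["src_ip"], e["host"])
        if e["id"] == 4625:
            failures[key].append(ts)
            continue
        if e["id"] != 4624 or e["logon_type"] != 10:
            continue  # not an RDP session logon
        recent = [t for t in failures[key] if ts - t <= FAIL_WINDOW]
        reasons = []
        if len(recent) >= FAIL_THRESHOLD:
            reasons.append(f"{len(recent)} failed logons from source in prior {FAIL_WINDOW}")
        if off_hours(ts):
            reasons.append("RDP logon outside working hours")
        if reasons:
            alerts.append({"time": e["time"], "user": e["user"], "src_ip": e["src_ip"],
                           "host": e["host"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in triage_rdp(SAMPLE_EVENTS):
        print(f"{a['time']} {a['host']} {a['user']} from {a['src_ip']}: {'; '.join(a['reasons'])}")
```

The daytime logon by `jsmith` from an internal address produces no alert, while the night-time success that follows five failures from the same external source produces one alert carrying both reasons. In production the same logic fits a SIEM rule; an RDP host that legitimately faces the Internet will generate a steady stream of 4625 events, which is itself a finding worth acting on (for example by moving RDP behind a VPN).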

Readers might also note that the Pay2Key Ransomware claims to have stolen company information for leaking to the public, a tactic that occurs in some file-locker Trojans' campaigns, but that claim has yet to be verified here. For protection, malware analysts emphasize the need for comprehensive backups and security services that should remove the Pay2Key Ransomware on sight.

The Pay2Key Ransomware is an engagingly unique threat from a programming standpoint. That its methods of generating revenue differ little from those of the more vanilla Ransomware-as-a-Service operations demonstrates that extortionist file-locking campaigning is a near-perfected art, even if the picture it paints is far from pretty.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Pay2Key Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.


Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
