
Pethya Zaplat Zasifrovano Ransomware

Posted: November 6, 2020

The Pethya Zaplat Zasifrovano Ransomware is a file-locking Trojan that targets Czech speakers. This threat may block files, create pop-up alerts with ransom demands, change the user's wallpaper, and change file extensions. Adequate backups will deny the attacker any extortion leverage during an infection, and professional PC security services should block and remove the Pethya Zaplat Zasifrovano Ransomware.

A Tactic for Those with Guilty Consciences

A possible variant of the Xorist Ransomware is attacking Czech Windows users in multiple ways, some of which do long-term damage to their PCs. While malware experts have yet to confirm any other threat relationships, the Pethya Zaplat Zasifrovano Ransomware shares many symptoms with that free-to-use family. Notably, the threat actor responsible for it is adding some unimpressive scare-mongering along with its default attacks.

Of most concern to any victims is that the Pethya Zaplat Zasifrovano Ransomware locks files with an encryption routine of unknown strength. As usual, the procedure also adds an extension ('pethya zaplat zasifrovano', roughly translating to 'pay encrypted') and tends to impact documents, pictures, archives, and similar media. Victims receive the ransom demand, which pushes them to purchase the threat actor's decryption help, in several forms: a desktop wallpaper, a text note, and a pop-up window.

What malware researchers see as most significant about the Pethya Zaplat Zasifrovano Ransomware is its language preferences and the details of its warning messages. Unusually, it targets Czech speakers, contrasting with the English or, sometimes, Russian priorities of other file-locking Trojans. The Pethya Zaplat Zasifrovano Ransomware also claims that it's monitoring the victim's PC and recording their webcam footage and Web-browsing behavior, implying that it has spied on erotic browsing habits. This extra extortion leverage has no basis in reality but adds more pressure to any negotiations on top of any blocked digital media.

Digital Liars with High Expectations

The Pethya Zaplat Zasifrovano Ransomware claims that it includes RAT, or Remote Access Trojan, features and is already collecting data by the time its ransom notes appear. Malware researchers see no basis for these warnings and recommend that users treat the Pethya Zaplat Zasifrovano Ransomware the same as other, low-level file-locking Trojans. However, its payload does represent one significant risk: the possible locking and permanent loss of documents and other files.

After converting from Czech koruna, the Pethya Zaplat Zasifrovano Ransomware's ransom amounts to over a thousand USD in value. A free decryption solution is available online and may recover any files affected by the Pethya Zaplat Zasifrovano Ransomware's encryption routine. Still, malware experts recommend against paying because criminals do not always honor their agreements, a point emphasized by the Pethya Zaplat Zasifrovano Ransomware lying to its victims right out of the gate.

Current samples endanger only Windows systems. Committed anti-malware products should delete the Pethya Zaplat Zasifrovano Ransomware right away and not leave the Trojan any opportunities for locking files.

The Pethya Zaplat Zasifrovano Ransomware has no qualms about slipping some extra danger into its alerts, even if it's making up problems and piling them on top of real ones. This shotgun scatter-like approach can serve Trojans well, as long as users forget all the basics of PC security and data redundancy.
