
Pizhon Ransomware

Posted: October 28, 2020

The Pizhon Ransomware is a file-locking Trojan that targets Russian victims. It blocks access to the user's media files and leaves multiple copies of a ransom note that asks for money in return for an unlocking service. Users with secure backups can ignore the messages and recover freely, and most PC security solutions will safely delete the Pizhon Ransomware.

Russia Gets More Problems for Its Hard Drives

Although older Russia-connected Trojans like the Energy Ransomware and the FakeMBAM Backdoor are hardly ancient history, new threats are already appearing in that part of the world. According to its much-duplicated ransom notes, the Pizhon Ransomware currently targets the files and wallets of victims in that country specifically, although it could turn its sights elsewhere. The Windows threat has much in common with the Scarab Ransomware family, although malware experts see no direct connection between the two in their code.

The Pizhon Ransomware is a Windows threat that uses an as-yet-unidentified algorithm to encrypt the user's media files, such as Word DOCs, Notepad TXTs, BMP pictures and more. What sets its campaign apart from the hundreds of others is the extension it appends: the Trojan's name together with a random-looking string that serves as the victim's ID. As usual, however, the ransom note is the part of the payload that deserves more attention.

The Pizhon Ransomware drops ransom notes into every folder that contains encrypted files, and also into the root of each drive, not just C but most other local and mapped drives. Malware experts confirm that these extra text files are byte-for-byte duplicates of the first, which gives ransom instructions in Russian via a Tor-based e-mail address. Readers also can note the usual 'hxxp' trick: the note writes 'hxxp' in place of 'http' so that simplistic filters and link scanners do not recognize the string as a Web address. This is a URL-defanging convention rather than an exploit; swapping the letters back restores the address.
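The two file-system artifacts described above (the victim-ID extension and the duplicated notes with defanged links) are what an incident responder would inventory first. The script below is an added example, not the write-up's or the Trojan's code. Because the write-up names neither the note's file name nor the exact extension layout, it assumes a note called HOW_TO_DECRYPT.txt and an extension of the form '.<victim-id>.pizhon'; both are placeholders to replace with the values seen in a real case, and the sample directory tree and note text it builds are constructed for the demonstration.

```python
"""Added triage helper for a Pizhon-style infection (not the write-up's or the
Trojan's code). Assumptions, since the write-up gives neither detail:
  * the ransom note's file name is RANSOM_NOTE_NAME;
  * encrypted files end in '.<victim-id>.pizhon' (victim ID, then Trojan name).
Replace both with the values observed in your own case."""
import hashlib
import os
import re
import tempfile
from collections import Counter

RANSOM_NOTE_NAME = "HOW_TO_DECRYPT.txt"  # assumed; not from the write-up
ENCRYPTED_EXT_RE = re.compile(r"\.(?P<victim_id>[0-9A-Za-z]{6,})\.pizhon$")  # assumed layout
# 'hxxp://' is a URL-defanging convention: naive link scanners do not match it.
DEFANGED_URL_RE = re.compile(r"\bhxxp(?P<s>s?)://[^\s'\"<>]+", re.IGNORECASE)


def sha256_file(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def extract_defanged_urls(text):
    """Return every hxxp/hxxps link in the note text, as written."""
    return [m.group(0) for m in DEFANGED_URL_RE.finditer(text)]


def refang(text):
    """Restore hxxp(s):// to http(s):// so the IOCs can be fed to a blocklist."""
    return re.sub(r"(?i)\bhxxp(s?)://", r"http\1://", text)


def triage(root):
    """Walk `root` and summarise the Trojan's file-system artifacts.

    Returns the note copy count, whether every copy hashes identically (the
    write-up says they are duplicates), the victim IDs seen in extensions with
    a file count for each, and any folder holding encrypted files but no note."""
    note_hashes = {}
    victim_ids = Counter()
    folders_with_encrypted = set()
    folders_with_note = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name == RANSOM_NOTE_NAME:
                note_hashes[full] = sha256_file(full)
                folders_with_note.add(dirpath)
                continue
            match = ENCRYPTED_EXT_RE.search(name)
            if match:
                victim_ids[match.group("victim_id")] += 1
                folders_with_encrypted.add(dirpath)
    missing = folders_with_encrypted - folders_with_note
    return {
        "note_copies": len(note_hashes),
        "notes_identical": len(set(note_hashes.values())) <= 1,
        "victim_ids": dict(victim_ids),
        "folders_missing_note": sorted(
            os.path.relpath(d, root).replace(os.sep, "/") for d in missing),
    }


# Constructed sample note text; the real note is in Russian and is not reproduced here.
SAMPLE_NOTE = "Files encrypted. Write to us: hxxp://example.onion/contact\n"


def build_sample_tree():
    """Create a throwaway directory that mimics the post-infection layout."""
    root = tempfile.mkdtemp(prefix="pizhon_triage_")
    note_dirs = ["C", "C/Users/victim/Documents", "D", "D/share"]  # drive roots + data folders
    for sub in note_dirs + ["D/share/old"]:
        os.makedirs(os.path.join(root, sub), exist_ok=True)
    for sub in note_dirs:
        with open(os.path.join(root, sub, RANSOM_NOTE_NAME), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_NOTE)
    encrypted = {
        "C/Users/victim/Documents": ["report.docx.A1B2C3D4.pizhon",
                                     "notes.txt.A1B2C3D4.pizhon",
                                     "photo.bmp.A1B2C3D4.pizhon"],
        "D/share/old": ["backup.zip.A1B2C3D4.pizhon"],  # encrypted, but no note dropped here
    }
    for sub, names in encrypted.items():
        for name in names:
            open(os.path.join(root, sub, name), "wb").close()
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    print(triage(sample_root))
    print(refang(SAMPLE_NOTE))
```

Run it against the root of each recovered drive rather than the sample tree. A folder that holds encrypted files but no note is worth a second look, since it either interrupted the Trojan or was written by something else; a note copy whose hash differs from the rest was edited after the drop and should be preserved separately. Refang links only for matching against blocklists and proxy logs, never for clicking.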

Leaving Ransom-Hungry Trojans Out in the Cold

The Pizhon Ransomware confines most of its ransoming details to the Tor e-mail exchange, which malware experts have yet to analyze. Even so, criminals may not provide any unlocking help, even if the victim pays upfront. Payment in cryptocurrencies or vouchers makes refunds virtually impossible, which underlines the danger of bargaining with even the most businesslike of threat actors.

Simple backups kept on other devices should give most Windows users a recovery option for any media. The fact that its encryption routine has not yet been investigated also leaves some hope, however slight, that a free decryption service will be developed in the future. Victims also can rely on traditionally appropriate security habits: using strong passwords, avoiding suspicious e-mail attachments, and disabling features like JavaScript where they are not needed.

Although many parts of its identity need further exploration, samples of this Trojan are not evading security solutions' current heuristics to any significant degree. Reliable PC security software should quarantine this threat and remove the Pizhon Ransomware as necessary.

Still, even a complete uninstall of the Pizhon Ransomware does nothing for the already-encrypted files. The rest of the world can be relieved that the Pizhon Ransomware targets such a specific region, but whether that lasts is a guessing game that no one can afford to play.
