
PXJ Ransomware

Posted: March 13, 2020

The PXJ Ransomware is a file-locker that you do not want to have to deal with. It is incompatible with free decryption utilities, and its file-encryption attack is guaranteed to cause long-term damage to your files. When the PXJ Ransomware is launched on an unprotected system, it starts by performing several tasks meant to reduce the victims' chances of recovering their files. The PXJ Ransomware:

  • Empties the recycle bin.
  • Disables the Windows Recovery Console.
  • Disables the System Restore service and purges the Shadow Volume Copies.

After these steps are complete, the PXJ Ransomware encrypts the contents of your images, videos, documents, archives, databases and other files. Whenever a file is locked, the PXJ Ransomware modifies its name by adding the '.PXJ' extension. To carry out the file encryption, the PXJ Ransomware uses an AES key to encrypt the data and then encrypts that AES key with an asymmetric RSA key. This two-layer encryption scheme enhances its efficiency and makes it nearly impossible to crack the cipher without the assistance of the perpetrators.

Finally, the PXJ Ransomware drops the file 'LOOK.txt', which contains information about the attack and instructions for the victim. Users affected by the PXJ Ransomware's attack may be told to contact 'xvfxgw3929@protonmail.com' and 'xvfxgw213@decoymail.com' for data recovery instructions. The attackers promise to unlock one file for free, and warn victims that they will have to pay a ransom fee if they wish to get all of their data back. While the ransom sum is not specified, the ransom message states that the fee will be doubled if it is not paid within three days. Last but not least, victims are told that failure to complete the ransom payment in seven days will result in the permanent deletion of their decryption key.
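For triage, the file-level indicators described above (the '.PXJ' extension, the 'LOOK.txt' note and the two contact addresses) can be swept for across a file share or a mounted disk image. The following is an added example, not part of the original write-up; the function names and the sample tree are constructed for illustration, and the note's text encoding is an assumption since the page does not state it.

```python
import os
import tempfile

# Indicators taken from the description above.
LOCKED_EXT = ".pxj"
NOTE_NAME = "look.txt"
CONTACTS = ("xvfxgw3929@protonmail.com", "xvfxgw213@decoymail.com")


def note_has_contact(path, limit=65536):
    """True if the file mentions one of the contact addresses listed above."""
    try:
        with open(path, "rb") as fh:
            # Assumption: encoding is unknown, so drop NUL bytes to also
            # match ASCII text stored as UTF-16.
            data = fh.read(limit).replace(b"\x00", b"")
    except OSError:
        return False  # unreadable: the caller still records the name match
    text = data.decode("utf-8", errors="ignore").lower()
    return any(addr in text for addr in CONTACTS)


def scan_tree(root):
    """Walk root and collect renamed files, notes, and content-confirmed notes."""
    report = {"locked": [], "notes": [], "confirmed_notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(LOCKED_EXT):
                report["locked"].append(path)
            elif lower == NOTE_NAME:
                report["notes"].append(path)
                if note_has_contact(path):
                    report["confirmed_notes"].append(path)
    return report


def build_sample(root):
    """Constructed sample tree (not real malware output) for a dry run."""
    os.makedirs(os.path.join(root, "docs"))
    open(os.path.join(root, "docs", "report.docx.PXJ"), "wb").close()
    open(os.path.join(root, "docs", "notes.txt"), "wb").close()
    with open(os.path.join(root, "docs", "LOOK.txt"), "w") as fh:
        fh.write("constructed note: write to xvfxgw3929@protonmail.com\n")
    with open(os.path.join(root, "LOOK.txt"), "w") as fh:
        fh.write("unrelated file that happens to share the name\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print({k: len(v) for k, v in scan_tree(tmp).items()})
```

A name match alone ('notes') is weaker evidence than a note whose content carries one of the listed addresses ('confirmed_notes'); directories holding both a confirmed note and '.PXJ' files are the ones to prioritise for restore from backup.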

Currently, the only way to recover files damaged by the PXJ Ransomware is to restore their original copies from a backup. Paying the ransom fee is not recommended even if you do not have a backup copy available: the attackers may ask for a lot of money, and you can never be sure that you will not end up being tricked out of it. For now, victims of the PXJ Ransomware should focus on removing the infection with a reputable anti-virus scanner. Once the PXJ Ransomware is eradicated, victims can start to experiment with popular data recovery tools and methods.
