
Pzdc Ransomware

Posted: June 27, 2019

Ransomware threats usually aim to cause as much damage as possible, and this is why their creators configure them to encrypt a huge variety of file formats. However, a new file-locker has emerged on the horizon, and it appears to be much more precise about the files it encrypts – the PZDC Ransomware only locks the contents of databases. This file-encryption Trojan appears to be propagated via phishing emails that are likely to target companies and organizations – it is unlikely that the authors want to target regular users, since the PZDC Ransomware does not bother causing damage to files that are not databases.

Sadly, while the damage that the PZDC Ransomware causes is limited, it is still enough to put a company out of business for a while if it manages to take their database(s) hostage. Every file that this ransomware locks will have its name changed to include the '.pzdc' extension. The attackers have also made sure to add a feature that creates a ransom note for the victim to read – this file is stored under the name '1_VIRUS-SHIFROVALSHIK.txt'. It is possible that the authors may originate from Russia since they use a Russian name for the ransom note, as well as a Russian website for contact.

The contents of the ransom message reveal the intentions of the PZDC Ransomware's authors – they tell you that there is nothing to worry about if you are an average user since their threat does not encrypt documents, images, etc. However, they do warn their victims to be more careful about the files they download, since they might not be that lucky next time.

The second part of the ransom note is where the valuable information is – the attackers state that the company's databases have been encrypted and that they want to receive 100 Monero (XMR) in exchange for a decryptor. They also inform their victims that they can be contacted by using a special chat feature in the TOR-based Russian portal 'Runion.'

It seems like the authors of the PZDC Ransomware mean serious business judging by their choice of targets, as well as by the fact that they use one of the most infamous underground Russian hacking portals. We advise you not to accept the offer of the attackers since there is no guarantee that your data will be recovered if you pay them. Unfortunately, restoring your database might be a very daunting task, especially if you do not have an up-to-date backup copy. We suggest eliminating the PZDC Ransomware with the help of an anti-virus scanner, and then looking into reputable data recovery options.
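To scope a restore, it helps to inventory which directories hold files carrying the two indicators described above (the '.pzdc' extension and the '1_VIRUS-SHIFROVALSHIK.txt' note). The following is an added example, not part of the original article; it assumes the extension is the final suffix of a renamed file, and the function names are illustrative.

```python
import os
import sys
from collections import Counter

# Indicators taken from the article; matching is case-insensitive.
LOCKED_EXT = ".pzdc"
NOTE_NAME = "1_virus-shifrovalshik.txt"


def triage(root):
    """Walk root; return (locked_files, ransom_notes, locked_count_per_dir)."""
    locked, notes, per_dir = [], [], Counter()
    # onerror: skip unreadable directories instead of aborting the walk.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            if lower == NOTE_NAME:
                notes.append(path)
            # Assumption: '.pzdc' is the last suffix of the renamed file.
            elif lower.endswith(LOCKED_EXT):
                locked.append(path)
                per_dir[dirpath] += 1
    return sorted(locked), sorted(notes), per_dir


def report(root):
    """Summarise hits, listing the most affected directories first."""
    locked, notes, per_dir = triage(root)
    lines = [f"ransom notes: {len(notes)}, locked files: {len(locked)}"]
    for directory, count in per_dir.most_common():
        lines.append(f"{count:6d}  {directory}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python triage.py <directory>   (defaults to current directory)
    print(report(sys.argv[1] if len(sys.argv) > 1 else "."))
```

The script only reads directory listings and changes nothing on disk, so it can be run against a mounted copy of the affected volume before cleanup.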
