PSCrypt ransomware

PSCrypt is ransomware based on GlobeImposter 2.0, a strain that has been around for more than a year and has evolved from the Globe ransomware family. During the past month, Ukrainian users have been aggressively targeted with PSCrypt, after XData and NotPetya.

The PSCrypt ransomware Trojan is distributed to users via spam emails carrying a macro-enabled Microsoft Word file. The document may be presented to users as an invoice, an order confirmation, or a message from a friend on a social media service. Either way, the file acts as an installer: it includes a script that is loaded in Windows and issues commands that result in the installation of the PSCrypt ransomware.

During data encryption, it appends the .pscrypt file extension and makes the data impossible to open. Once it is done, this crypto-malware creates and saves a Paxynok.html file in every folder that contains encrypted data, including the desktop. The ransom note carries the victim's personal identifier and a message from the cyber criminals saying that all files have been encrypted by PSCrypt. The note says that the victim must buy Bitcoins at LocalBitcoins, Coinbase or XChange and then transfer the required sum to a provided Bitcoin wallet.
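
As an added example (not part of the original article), the following Python script walks a directory tree and reports the folders that show the two file-system indicators described above: files ending in .pscrypt and a Paxynok.html note. The folder layout and file names in build_sample_tree are constructed for the demonstration.

```python
import os
import tempfile
from collections import namedtuple

# Indicators named in the article; matched case-insensitively.
ENCRYPTED_EXT = ".pscrypt"
RANSOM_NOTE = "paxynok.html"

FolderHit = namedtuple("FolderHit", "path encrypted note_present")

def scan_tree(root):
    """Return one FolderHit per folder under root that shows either indicator."""
    hits = []
    # os.walk skips unreadable folders by default, so the scan keeps going.
    for dirpath, _dirs, filenames in os.walk(root):
        encrypted = sorted(n for n in filenames if n.lower().endswith(ENCRYPTED_EXT))
        note = any(n.lower() == RANSOM_NOTE for n in filenames)
        if encrypted or note:
            hits.append(FolderHit(dirpath, encrypted, note))
    return sorted(hits, key=lambda h: h.path)

def summarize(hits):
    """Aggregate the hits into figures useful for scoping the incident."""
    return {
        "folders_affected": len(hits),
        "files_encrypted": sum(len(h.encrypted) for h in hits),
        # The article says a note is written wherever data was encrypted, so
        # a mismatch in either direction is worth a closer look.
        "note_without_files": [h.path for h in hits if h.note_present and not h.encrypted],
        "files_without_note": [h.path for h in hits if h.encrypted and not h.note_present],
    }

def build_sample_tree(root):
    """Create a constructed sample layout (not real victim data) under root."""
    layout = {
        "Documents": ["report.docx.pscrypt", "budget.xlsx.pscrypt", "Paxynok.html"],
        "Desktop": ["Paxynok.html"],
        "Pictures": ["photo.jpg.pscrypt"],
        "Clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            with open(os.path.join(root, folder, name), "w") as fh:
                fh.write("constructed sample")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for key, value in summarize(scan_tree(tmp)).items():
            print(key, value)
```

To triage a real host or file share, pass its root path to scan_tree instead of the temporary sample tree.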

The cyber criminals ask victims to write to them at the systems64x@tutanota.com email address, which is also provided in the ransom note. The crooks suggest that their “operator will give the further instructions.” According to the ransom note, victims have to pay 2500 hryvnia (approximately 96 US dollars) in order to decrypt corrupted files. The cyber criminals provide an unusual ransom payment method: paying the ransom via an IBOX terminal.

The malware not only encrypts files but also makes the system vulnerable. It might make various modifications to the system, create new or delete existing registry entries, and even open a backdoor to other cyber threats. Thus, having this malicious program installed on a device might lead to even more serious problems. It goes without saying that you should first make a copy of the data backup done by Max Total Security and then format the PC. Reinstall a new operating system and then do data recovery.
