PayDay virus appears to be created by Portuguese-speaking criminals who created this ransomware virus using parts of HiddenTear source code. The virus aims to make personal data stored on the computer (photos, videos, documents, etc.) inaccessible, so it encrypts them with a sophisticated AES cipher. Now it appears that ransomware authors find the encryption procedure “sexy,” as apparently they have programmed the virus to append .sexy file extensions to encrypted data. The data encryption procedure can take up to a few hours and usually there are no signs that would help you understand that the system is being corrupted, because the virus works silently. You might notice system slowdowns but that’s all; the computer can slow down for a number of different reasons, and ransomware is definitely not the first thing that comes to mind. Once the virus renders all target files into useless pieces of data, it creates a HyperText Markup Language format file called !!!!!ATENÇÃO!!!!!.html and saves it on user’s desktop. The ransom note opens via web browser and explains (in Portuguese) that files have been encrypted and now the victim needs to pay up if he/she wants to see or use them ever again. The virus asks for R$950, which is approximately 286 USD. The virus refuses to receive the ransom in any other currency but Bitcoins, as this way authors of this ransomware can receive money and stay anonymous. Perpetrators leave a contact email address in case the victim wants to ask something – [email protected]
You shouldn’t fall for PayDay ransomware threats and get rid of this virus as soon as you can because it is yet another decryptable HiddenTear variant. Remove PayDay virus using guidelines given below and then prepare for data decryption process, which will convert all .sexy files into normal ones. You can find decryption instructions below the article, right below PayDay removal guide.
When did I download the malicious file and why I didn’t notice anything suspicious about it?
Ransomware is typically delivered via phishing emails, malware-laden advertisements and also through exploit kits. Malicious emails seek to trick victims into opening files attached to them, which contain the main virus’ file or a Trojan that downloads ransomware after a specified period. What is more, you can be redirected to malicious websites after clicking a deceptive ad online. We suggest you stay away from advertisements that promise too good to be true offers. It is also a good idea to ignore ads from questionable third-party sites, especially if they urge you to install “required updates.” Such updates are typically bundled with malicious components. Finally, beware of exploit kits, who waylay in compromised or simply infectious websites and try to exploit software vulnerabilities in visitors’ computers.