You need to delete the malware from your PC first of all, otherwise, it will lock your device or cipher your data several times. In case your current anti-virus tool does not delete this malware, it can be deleted with the help of GridinSoft Anti-Malware.
In case your system was infected by means of the Windows Remote Desktop function, we also strongly advise that you change all the passwords of all available users that are permitted to log in on a remote basis and inspect the local user accounts for the availability of other extra accounts that the online frauds could possibly generate.
Note: This tool does not require an active internet connection.
Bitdefender Lab announced a decryption tool for Paradise Ransomware.
About Paradise Ransomware
Paradise Ransomware, initially discovered in 2017. It has been marketed as a affiliates service (ransomware as a service – Ransomware-as-a-Service).
This ransomware encrypts user data using RSA-1024, and then requires a ransom in #BTC to return the files. After infection, Paradise virus checks the keyboard language for Russian, Kazakh, Belarus or Ukrainian language and, if so, exits without encrypting. Otherwise, it encrypts files and deletes shadow copies to prevent the user from restoring them.
After encryption, it displays a ransom message:
All your files was encrypted! Paradise R Team! Ur unique ID XXXXXX Your personal KEY XXXXX NOTE! All your important data that was stored on this computer have been locked due a security problem. To back them, write to us by е-mail,. You have to pay in Bitcoins. After payment we will send you the special software for decrypt that will back all your files. DO YOU NEED A PROOF? Before payment you can send us 1-3 files , and we back you restored files for free. File size should not exceed 1MB. Please note that files must NOT contain valuable information. HOW TO PAY We accept payments in bitcoins, but you do not need to be able to use bitcoins. You do not need a bitcoin purse. I will explain how you can pay using ANY currency in any way convenient to you. Communication Email: blackblackra@tuta.io or Email: blackblackra@tuta.io Warning! Do not rename files Do not try to back your data using not our software, it may cause permanent data loss(If you do not believe us, and still try to - make copies of all files so that we can help you if third-party software harms them) As evidence, we can for free back one file Decoders of other users is not suitable to back your files - encryption key is created on your computer when the program is launched - it is unique.
The new Paradise decryptor can restore the following file extensions:
- .FC
- .2ksys19
- .p3rf0rm4
- .Recognizer
- .VACv2
- .paradise
- .CORP
- .immortal
- .exploit
- .prt
- .STUB
- .sev
- .sambo
Download the decryption tool below and save it on your computer.
Example of use decryption tool
BDParadiseDecryptor.exe start -path:"C:\" -> the tool will start with no GUI and scan C:\
BDParadiseDecryptor.exe start o0:1 -> the tool will start with no GUI and scan the entire system
BDParadiseDecryptor.exe start o0:1 o1:1 o2:1 -> the tool will scan the entire system, backup encrypted files and overwrite present clean files
