The Payola virus is a ransomware-type malicious program. A harmful program of this type encrypts all the data on your PC (photos, text files, Excel tables, music, videos, etc.) and adds its own extension to every file. It also creates a Recovery_Guide.html file in every folder that contains encrypted files.
What is Payola virus?
Payola appends its own .Payola extension to the name of every encrypted file. For instance, an image named “photo.jpg” will be turned into “photo.jpg.Payola”. Likewise, an Excel file named “table.xlsx” will end up as “table.xlsx.Payola”, and so forth.
In every directory containing encrypted files, a Recovery_Guide.html document will be created. It is the ransom note. It contains information about the ways of contacting the racketeers and some other remarks. The ransom note usually contains a description of how to purchase the decryption tool from the racketeers. You can get this decoding tool after contacting [email protected] by email.
Payola Summary:
| Name | Payola Virus |
| Extension | .Payola |
| Ransomware note | Recovery_Guide.html |
| Contact | [email protected] |
| Detection | Win32/Filecoder.Conti.L, Win32:PWSX-gen [Trj], PWS:Win32/Fareit!MTB |
| Symptoms | Your files (photos, videos, documents) have a .Payola extension and you can’t open them. |
| Fix Tool | See If Your System Has Been Affected by Payola virus |
The Recovery_Guide.html document that comes with the Payola ransomware provides the following frustrating information:
All your Important Files Are Stolen And Encrypted By Payola Ransomware

You must to pay for decryption in the form of Monero And Bitcoin. The price depends on how quickly you contact us. After payment is received, you will receive the decryption software.

You have exactly 48 hours to contact us and pay the fee. Failure to do so will result in the price being doubled.

If no reply is received within 24 hours, contact any of the following:
[email protected]
[email protected]
t.me/file_recover

Your Time is Running Out
1d,23:57:19
For The Price To Be Doubled

If the timer runs out before payment is received, the decryption key will be deleted, and your files will remain encrypted permanently. All stolen data will also be leaked publicly on Tor or sold to the highest bidder.

This is a one-time payment. After the ransom is paid, we will not come back. If you prefer not to pay, we may sell your personal data, including account logins, credit cards, and banking data.

How Can Our Claims Be Verified?
Before paying, you can send us up to 3 test files for free decryption. The total size of files must be less than 2MB (non-archived), and files should not contain valuable information (databases, backups, large Excel sheets, etc.).

WARNING!
DO NOT pay any money before decrypting the test files.
DO NOT trust any intermediary. They won't help you, and you may be a victim of a scam. Contact us directly for support during the recovery process.
DO NOT reply to other emails. ONLY these two emails can help you.
DO NOT rename encrypted files, as this is how the decryption software identifies which files to decrypt.
DO NOT try to decrypt your data using third-party software, as it may cause permanent data loss.
Decryption of your files with the help of third parties may result in an increased price or make you a victim of a scam.

Your Unique ID -
In the picture below, you can see what a folder with files encrypted by Payola looks like. Each filename has the “.Payola” extension appended to it.
How did Payola ransomware end up on my PC?
There are many possible ways for ransomware to infiltrate a system.
Nowadays, there are three most popular methods attackers use to get ransomware running in your digital environment. These are email spam, Trojan infiltration and peer-to-peer file transfer.
- Another option for ransom hunters is the Trojan file model. A Trojan is an object that infiltrates your machine disguised as something legitimate. For instance, you download an installer of some program you want or an update for some service. However, what is unpacked turns out to be a harmful program that corrupts your data. As the installation package can have any name and any icon, you have to make sure that you can trust the source of the things you’re downloading. The best thing is to use the software companies’ official websites.
- As for peer-to-peer file transfer services like torrent trackers or eMule, the threat is that they are even more trust-based than the rest of the Internet. You can never know what you are downloading until you get it. So you’d better use trustworthy sources. Also, it is a good idea to scan the folder containing the downloaded items with an anti-malware utility as soon as the download is complete.
How to remove ransomware?
It is important to note that besides encrypting your files, the Payola virus will probably install Vidar Stealer on your machine to seize your credentials to various accounts (including cryptocurrency wallets). That program can extract your credentials from your browser’s autofill data.
How can I avert ransomware injection?
Payola ransomware has no superpower, and neither does any similar malware.
You can protect your computer from a ransomware attack by taking several easy steps:
- Ignore any emails from unknown senders with strange addresses, or with content that likely has no connection to anything you are expecting (can you win a lottery without participating in it?). If the email subject is more or less something you are expecting, check all elements of the questionable message with caution. A hoax letter will surely contain a mistake.
- Avoid using cracked or unknown software. Trojans are often shared as a part of cracked products, possibly under the guise of a “patch” that prevents the license check. But dubious programs are difficult to tell from trustworthy software, because trojans sometimes have the functionality you seek. Try searching for information on the program on anti-malware message boards, but the optimal solution is not to use such software.
FAQ
🤔 How can I open “.Payola” files? Are the “.Payola” files accessible?
There’s no way to do it unless the “.Payola” files are decrypted.
🤔 What should I do to make my files accessible as fast as possible?
Hopefully, you have made a copy of those important files. Otherwise, you might try to employ System Restore. The only question is whether you have saved any Restore Points that would be helpful now. The rest of the methods require patience.
🤔 What actions should I take if the Payola malware has blocked my computer and I can’t get the activation key?
🤔 What could help the situation right now?
Some of the encrypted files can be located elsewhere.
- If you sent or received your critical files via email, you could still download them from your online mail server.
- You might have shared photographs or videos with your friends or family members. Just ask them to send those images back to you.
- If you have initially downloaded any of your files from the Internet, you can try doing it again.
- Your messengers, social media pages, and cloud disks might have all those files as well.
- It might be that you still have the needed files on your old computer, a portable device, phone, memory stick, etc.
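The following read-only triage script is an added example, not part of the original article: it inventories files carrying the “.Payola” extension and folders holding Recovery_Guide.html, then checks which encrypted files still have a clean copy under a backup folder. The function names and the assumption that the backup mirrors the original folder layout are hypothetical, and the sample tree is constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

EXT = ".Payola"                # extension named in this article
NOTE = "Recovery_Guide.html"   # ransom note file name from this article

def inventory(root):
    """Walk root without modifying it; return (encrypted files, folders with a note)."""
    encrypted, note_dirs = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            low = name.lower()  # Windows file names are case-insensitive
            if low == NOTE.lower():
                note_dirs.append(Path(dirpath))
            elif low.endswith(EXT.lower()) and len(name) > len(EXT):
                encrypted.append(Path(dirpath) / name)
    return sorted(encrypted), sorted(note_dirs)

def match_backup(root, backup_root):
    """Map each encrypted file to a clean copy at the same relative path, or None."""
    encrypted, _ = inventory(root)
    result = {}
    for enc in encrypted:
        # Strip the appended extension to recover the original file name.
        original_rel = enc.relative_to(root).with_name(enc.name[: -len(EXT)])
        candidate = Path(backup_root) / original_rel
        result[enc] = candidate if candidate.is_file() else None
    return result

def build_sample(base):
    """Constructed sample: two encrypted files, one note, a backup of one file."""
    live, backup = Path(base) / "live", Path(base) / "backup"
    (live / "docs").mkdir(parents=True)
    (backup / "docs").mkdir(parents=True)
    (live / "docs" / "table.xlsx.Payola").write_bytes(b"\x00")
    (live / "docs" / "photo.jpg.Payola").write_bytes(b"\x00")
    (live / "docs" / NOTE).write_text("constructed note")
    (backup / "docs" / "table.xlsx").write_bytes(b"clean")
    return live, backup

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = build_sample(tmp)
        for enc, copy in match_backup(live, backup).items():
            status = copy.relative_to(backup) if copy else "NO COPY FOUND"
            print(enc.relative_to(live), "->", status)
```

Files reported without a copy are the ones to look for in the other places listed above (mail, cloud disks, old devices).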
USEFUL TIP: You can employ file recovery programs [1] to retrieve your lost information, since ransomware encodes the copies of your files, deleting the original ones. In the tutorial below, you can see how to use PhotoRec for such a restoration, but remember: you can do it only after you kill the ransomware itself with an anti-malware program.
Brendan Smith
References
- Here are Top 10 Data Recovery Software Of 2023.
