Paradise malware: What it is, how it works and how to prevent it | Malware spotlight

Introduction

Meet Paradise, a malware that has been lurking in the wild since 2017. While it may not be a vacation in a tropical locale, it certainly can be a nightmare for users afflicted by it. 

This article will detail the Paradise malware. We’ll explore what Paradise is, how it works and how you can avoid falling victim to this little-known malware.

What is Paradise?

First reported by an affected user in the BleepingComputer forums, Paradise is a type of ransomware whose recent variants use phishing emails with malicious IQY file attachments to gain a foothold on a system. This recent variant adds a new step to the Paradise infection chain that sets it apart from other ransomware, and it will be the focus of this article.

If a user ends up downloading this IQY file, Paradise performs actions typical of ransomware, such as encrypting files. It also drops a ransom note informing the user that their files have been encrypted by the Paradise ransomware and how to have them decrypted in exchange for a payment in Bitcoin. The ransom note does not state how many Bitcoins are required for decryption, but it does provide instructions for purchasing Bitcoins and a Paradise contact email.
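Since the IQY attachment is the foothold described above, a defender's first question is how to recognise one at the mail gateway. The following is an added example, not code from the original post or from any Paradise sample: it assumes a gateway hook that hands attachments over as (filename, bytes) pairs, and the sample attachments are constructed. It relies on the documented shape of an Excel Web Query file, a small text file whose first line is the query type ("WEB") and whose later line carries the URL Excel will fetch, and flags an attachment whether the .iqy extension or the content gives it away.

```python
"""Flag Excel Web Query (.iqy) email attachments and extract the URL they fetch.

Added illustration, not part of the original article. It assumes a mail-gateway
hook (hypothetical) that passes attachments as (filename, bytes) pairs. The
sample attachments at the bottom are constructed for this example.
"""
import re
from typing import Dict, List, Optional, Tuple

# An IQY web query is plain text: line 1 is the query type ("WEB"), and a
# later line holds the URL that Excel will contact when the file is opened.
IQY_HEADER = re.compile(r"^\s*WEB\s*$", re.IGNORECASE)
URL_LINE = re.compile(r"^\s*(https?://\S+)", re.IGNORECASE)


def parse_iqy(data: bytes) -> Tuple[bool, Optional[str]]:
    """Return (looks_like_iqy, url).

    looks_like_iqy is True when the first non-empty line is the WEB header;
    url is the first http(s) URL found after it, or None if there is none.
    """
    text = data.decode("utf-8", errors="replace")
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines or not IQY_HEADER.match(lines[0]):
        return False, None
    for line in lines[1:]:
        match = URL_LINE.match(line)
        if match:
            return True, match.group(1)
    return True, None  # WEB header present but no URL: still worth a look


def scan_attachments(attachments: List[Tuple[str, bytes]]) -> List[Dict]:
    """Return one finding per attachment that is an IQY file by extension
    or by content. Checking both catches a renamed query file as well as an
    empty or malformed file that still carries the .iqy extension."""
    findings = []
    for name, data in attachments:
        by_extension = name.lower().endswith(".iqy")
        by_content, url = parse_iqy(data)
        if by_extension or by_content:
            findings.append({
                "name": name,
                "by_extension": by_extension,
                "by_content": by_content,
                "url": url,
            })
    return findings


# Constructed sample attachments (the URLs use the reserved .invalid TLD).
SAMPLE_ATTACHMENTS = [
    ("invoice.iqy", b"WEB\r\n1\r\nhttp://example.invalid/query.iqy\r\n"),
    ("report.txt", b"WEB\n1\nhttps://example.invalid/q\n"),  # renamed IQY
    ("notes.txt", b"Just a text note, nothing to see."),
    ("empty.iqy", b""),  # extension only
]

if __name__ == "__main__":
    for finding in scan_attachments(SAMPLE_ATTACHMENTS):
        print(finding)
```

In practice the extracted URL is what an analyst would look up against mail and proxy logs, and many gateways simply quarantine .iqy attachments outright because legitimate use of emailed web queries is rare.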

Note: We include these details only for education. We do not endorse making ransomware payments or working with the criminals behind the attack.

What makes Paradise hard to ignore after it has attached itself to a computer is that it targets important productivity files: documents, videos and images with extensions including .doc, .docx, .pdf and .xls. This ransomware is a threat for all Windows versions from Windows 7 to Windows 10.

How does Paradise work?

Paradise uses spam (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/_g_ocKRitZY/