PizzaCrypts is a ransomware virus that uses the Neutrino exploit kit as its primary distribution method. It encrypts files and demands a ransom payment in Bitcoin. The extension this ransomware appends to all encrypted files is .id-[id number]-firstname.lastname@example.org. To remove the ransomware and see how to restore your files, read the article to the end.
|Short Description||The ransomware will encrypt all of your files and show a ransom note, giving out contact emails to be used for communication about the ransom payment.|
|Symptoms||The ransomware asks for Bitcoins after encryption and appends .id-[id number]-email@example.com as the extension of each file.|
|Distribution Method||Exploit Kits, Spam Emails, File Sharing Networks|
PizzaCrypts Ransomware – Infection Spread
PizzaCrypts ransomware mainly infects computers through the Neutrino Exploit Kit and possibly some others. The exploit kit usually looks for older versions of Flash and exploits their vulnerabilities to deliver the ransomware payload.
PizzaCrypts might also be spread with spam emails. Such emails often carry attached files. Opening the attachment triggers the malicious code that infects your computer. A PC could also get infected through social media or file-sharing networks. Malicious files might be lurking there as well if the ransomware creators or other criminals have put them there. You can avoid that infection route if you are very careful about what you do on the Internet.
PizzaCrypts Ransomware – Technical Details
PizzaCrypts is a new ransomware that a researcher called Brad has found recently.
The ransomware is named after a part of the extension it places on encrypted files, which is also one of the emails given for contact.
After encryption, the PizzaCrypts ransomware leaves two emails for contact:
The PizzaCrypts ransomware may create the following registry key:
The registry key will enable the ransomware to start at the same time the Windows operating system starts.
The ransom note is a text file named “Pizzacrypts Info.txt”.
The text form of the ransom note is written below:
All your files are encrypted cryptographically strong algorithm!
Decoding is not possible without our help!
In order to start the process of decoding the files, you need to contact us on the below
contacts, attached the example of an
– Primary email: firstname.lastname@example.org
– Secondary email: email@example.com
– Bitmessage: BM-NBRCUPTenKgYbLVCAfevuHVsHFK6ue2F
How To use Bitmessage see https://www.youtube.com/watch?v=ndqlffqCMaM
We encourage you to contact us for all three contacts!
– Very important:
We recommend to write email us with gmail address, otherwise your email may not reach us !
Do not try to decrypt files by third-party decipherers, otherwise you will spoil files!
From the ransom note, it becomes apparent that the ransomware creators want you to contact them in all three ways they have given and to use a Google mail address. They will probably delete some of the contact details to cover their tracks, and the email accounts they use might have filters that block other mail services. The amount you have to pay for file decryption is not stated.
Do not pay the ransom, as there is no guarantee that you will get your data back if you do. Although the ransom note states that tampering with your files might damage them, this might just be an empty threat. Read on to find out how you might recover some of your files.
The PizzaCrypts ransomware probably uses a military-grade encryption algorithm, or at least it claims to use a strong one. The full list of file extensions the ransomware looks for is not known, but the following file extensions are encrypted:
.jpeg, .docx, .doc, .jpg, .bmp, .png, .xlsx, .pptx, .rtf, .odt, .ods, .pdf, .ppt, .xls
After the encryption process completes, files on your computer will have another extension appended to them: .id-[id number]-firstname.lastname@example.org.
PizzaCrypts ransomware is not reported to delete Shadow Volume Copies from the Windows operating system. Read the article to the end to see how you can try restoring your files.
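The indicators described in this section (the appended extension, the listed file types and the ransom note name) can be checked with a read-only scan. The following is an added example, not code from the original article; it assumes the id is numeric and the suffix ends in an email address, and the function names and sample file names are constructed for illustration.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# File types the article lists as encrypted.
TARGETED = {".jpeg", ".docx", ".doc", ".jpg", ".bmp", ".png", ".xlsx",
            ".pptx", ".rtf", ".odt", ".ods", ".pdf", ".ppt", ".xls"}
NOTE_NAME = "pizzacrypts info.txt"  # ransom note name from the article
# Assumption: the id is numeric and the remainder is an email address.
SUFFIX = re.compile(r"^(?P<orig>.+)\.id-(?P<id>\d+)-(?P<mail>[^@\s]+@[^@\s]+)$")


def classify(name):
    """Return (kind, details) for one file name, or None if no indicator matches."""
    if name.lower() == NOTE_NAME:
        return ("ransom_note", {})
    m = SUFFIX.match(name)
    if not m:
        return None
    orig = m.group("orig")
    return ("encrypted", {"original_name": orig, "victim_id": m.group("id"),
                          "listed_type": Path(orig).suffix.lower() in TARGETED})


def scan(root):
    """Walk root and group indicator hits by kind; read-only, nothing is modified."""
    hits = defaultdict(list)
    for path in Path(root).rglob("*"):
        if path.is_file():
            result = classify(path.name)
            if result:
                hits[result[0]].append((str(path), result[1]))
    return dict(hits)


def demo():
    """Build a constructed sample tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("report.docx.id-1234567890-user@example.invalid",  # constructed
                     "tool.exe.id-42-user@example.invalid",             # constructed
                     "Pizzacrypts Info.txt", "holiday.jpg"):
            (Path(tmp) / name).write_text("sample")
        return scan(tmp)


if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, len(items))
```

A hit with `listed_type` set to false carries the suffix on a file type outside the article's known list, which is worth recording because that list is stated to be incomplete.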
Remove PizzaCrypts Ransomware and Restore .id-[id number]-email@example.com Encrypted Files
If your computer system is infected with the PizzaCrypts ransomware, you should have some experience in removing malware. You should get rid of this ransomware as fast as you can, before it encrypts more files and spreads further across the network you use. The recommended action is to remove the ransomware by following the step-by-step instructions provided below.
Manually delete PizzaCrypts from your computer
Note! Important information about the PizzaCrypts threat: manual removal of PizzaCrypts requires interfering with system files and the registry, so it can damage your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes using a malware removal tool.