
Decrypt Files Encrypted by Pink Philadelphia Virus


This article was created to help you remove the Pink Philadelphia “YOU HAVE BEEN EXPOSED!” virus and decrypt the encrypted files for free.

A ransomware virus that is part of the Philadelphia viruses, which are believed to be part of the Stampado viruses, has been detected in the wild. The virus encrypts the files on the computers it compromises, after which it displays a pink ransom note notifying the user that he or she is accused of watching illegal porn. The virus then demands 0.05 BTC to be paid to a custom BitCoin wallet and gives a 3-day deadline, with a Russian roulette function deleting a random file every 3 hours. The good news is that this virus is decryptable. If you have been infected, read this article to learn how to restore your encrypted files for free.

Pink Philadelphia Ransomware – More Information

Pink Philadelphia’s Distribution

Similar to the original variant of Philadelphia ransomware, this variant is also believed to be redistributed via fake letters attached to e-mails which are later sent to users on a massive scale. One of those letters was the fake notice from Brazil’s finance ministry.

The fake notice may be accompanied by an obfuscated JavaScript file which connects to a command and control server and then downloads Pink Philadelphia’s malicious payload onto the user’s computer.

Pink Philadelphia Virus – Malicious Activity Post-Infection

After an infection is complete, the Pink Philadelphia virus may drop its malicious files in multiple different folders. Some of the files have been identified as executables with random names, located in:

→ C:/Users/{UserProfile}/{random name}

Then, the Pink Philadelphia virus may begin to create and modify multiple Windows registry value strings. One of the targeted Windows registry sub-keys is reported to be the following:

→ HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update
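
The two indicators above (an executable dropped directly in the user profile folder and a Run value named Windows Update) can be checked together. The Python sketch below is an added example, not part of the original article or of any vendor tool; it parses the text output of reg query for the HKCU Run key, and the sample output, user name and file names in it are constructed. Treating these two traits as suspicious is a heuristic assumed for this example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `reg query` output (user and file names are made up).
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Windows Update    REG_SZ    C:\Users\alice\kqzvtwpa.exe
    Notes    REG_SZ    "C:\Program Files\Notes\notes.exe"
"""

# reg query prints: 4 spaces, value name, 4 spaces, type, 4 spaces, data
VALUE_LINE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")
EXEC_SUFFIXES = {".exe", ".scr", ".com", ".bat", ".cmd"}

def command_target(data):
    """Return the program path from a Run command line (quoted or bare)."""
    data = data.strip()
    if data.startswith('"'):
        return PureWindowsPath(data[1:].split('"', 1)[0])
    # Unquoted: cut right after the first executable suffix.
    m = re.match(r"(.+?\.(?:exe|scr|com|bat|cmd))(?:\s|$)", data, re.I)
    return PureWindowsPath(m.group(1) if m else data)

def in_profile_root(path):
    """True for an executable placed directly in C:\\Users\\<profile>\\."""
    parts = [p.lower() for p in path.parts]
    return (len(parts) == 4 and parts[1] == "users"
            and path.suffix.lower() in EXEC_SUFFIXES)

def suspicious_run_entries(reg_query_text):
    """Return (value name, target path, reasons) for entries worth a look."""
    findings = []
    for line in reg_query_text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        target = command_target(m["data"])
        reasons = []
        if m["name"].strip().lower() == "windows update":
            reasons.append("Run value name reported for Pink Philadelphia")
        if in_profile_root(target):
            reasons.append("executable directly in the user profile folder")
        if reasons:
            findings.append((m["name"], str(target), reasons))
    return findings

if __name__ == "__main__":
    for name, target, reasons in suspicious_run_entries(SAMPLE_REG_QUERY):
        print(f"{name} -> {target}: {'; '.join(reasons)}")
```

An entry that matches both reasons deserves a closer look before it is deleted; the value name alone is not proof of infection.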

Then, the virus may begin to encrypt important files on the infected computer so that they can no longer be opened. It is most likely pre-configured to encrypt files with the following file extensions:

→ .7z;.asp;.avi;.bmp;.cad;.cdr;.doc;.docm;.docx;.gif;.html;.jpeg;.jpg;.mdb;.mov;.mp3;.mp4;.pdf;.php;.ppt;.pptx;.rar;.rtf;.sql;.str;.tiff;.txt;.wallet;.wma;.wmv;.xls;.xlsx;.zip

Then, the virus drops its ransom note, which has the following content:

“YOU HAVE BEEN EXPOSED!
NOW listen to me,
I do not want to remind you of the moral or legal implications of unauthorized access to private information ,
like nude pics or downloading pornographic materials stolen from innocent people.
Read more about it under internet laws 18 U.S.C. 2257.
Encrypting your personal files is one step to proof that to you what will happen if you do not adhere to our advice.
Next line of action, We will delete 1 file every 3 hours from your PC.
Then, after 72 hours we will delete all of your files COMPLETELY including system and program files which we have already infected.
Your ransom fee is 49 USD, pay this and walk away unharmed forever. The two choices you have is to either pay the ransom or say goodbye to your current PC and all of your personal files that we have encrypted.
You will agree with me that 49USD is not an excessive outlay compared to the worth or value of your PC.
You can try to reformat your hard disk, but your machine ID is locked in your bios.
This means our malware on your PC will infect your new hard disk once again, when it’s plugged in.
Considering the pain of the victims of this iCloud hack, this ransom attack can serve as a therapy or lesson for you to get off the nudity/pornography habit.
So, if you don’t know where to buy Bitcoin, ask Google. If you care about buying bitcoin anonymously then ASK GOOGLE.
All the people on your contact list and server will get a notification that you have tried to access nude pics/porn, hence an Invitation to their mailbox.
Do not contact us if you are not paying; just throw your PC to the trash bin if you are not willing to pay the 49usd.
I hope this kind of therapy will teach you a lesson.
//PurplePR – Anti-theft Team (C)s.”

Fortunately, there is a decryptor developed by Emsisoft, and we have created instructions on how to remove the virus and how to decrypt files encrypted by Pink Philadelphia.

Philadelphia Ransomware – Removal and Decryption Instructions

Before deciphering your files with the tool created by Fabian Wosar, a researcher from EmsiSoft, we strongly recommend removing Philadelphia first. One way to do this is by following these removal instructions.


To remove Pink Philadelphia, follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Pink Philadelphia files and objects
2. Find files created by Pink Philadelphia on your PC

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Pink Philadelphia

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
