Remove PayDay Ransomware and Restore .sexy Files
THREAT REMOVAL

Remove PayDay Ransomware and Restore .sexy Files

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by PayDay Ransomware and other threats.
Threats such as PayDay Ransomware may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

Attention! This article will help you remove PayDay ransomware successfully. Follow the ransomware removal instructions below carefully.

PayDay ransomware is a Portuguese cryptovirus named after the popular game of the same name – Payday. The ransom price that it demands for decrypting your files is R$950 which is nearly 300 US dollars. The virus will encrypt your files and put the extension .sexy to every one of them. Read on to see ways for you to try and restore some of your files.

Threat Summary

NamePayDay Ransomware
TypeRansomware, Cryptovirus
Short DescriptionThe ransomware will encrypt your files and then display a ransom note with instructions for payment in the Portuguese language.
SymptomsThe ransomware will encrypt your files and put the extension .sexy to each one of them.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by PayDay Ransomware

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss PayDay Ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

PayDay Ransomware – Infection

PayDay ransomware can spread its infection using various methods. One of those methods is by distributing the payload as an executable file. That .exe file distributes the ransomware and when it is executed, the malicious script inside it infects your computer device. You can view the analysis of the executable in question, which contains the payload on the VirusTotal website, from the following screenshot:

PayDay ransomware could be spreading its payload on social media sites and services for file-sharing. The malicious script can be hidden inside the setup of applications, which are promoted as useful and legitimate. Do not be opening files from suspicious sources such as links and e-mails. You should always scan downloaded files with a security application and check their size and signatures for anything that seems irregular. You should read the tips about ransomware prevention from the corresponding forum topic.

PayDay Ransomware – Detailed Analysis

PayDay ransomware is a cryptovirus that uses an image in its ransom note taken from the popular video game “Payday”. That is also the theme of this virus.

When PayDay ransomware encrypts your files, it will place the extension .sexy as the extension of every file that is locked. The ransomware is highly likely to create entries in the Windows Registry to achieve persistence. Such registry entries can make the cryptovirus start automatically with every boot of the Windows operating system.

When the process of your files getting encrypted is finished, a screen with the ransom message will appear on your desktop. That message contains instructions for payment and the demands of the cybercriminals for unlocking your files in the Portuguese language. The file is called !!!!!ATENÇÃO!!!!!.html. You can view the ransom message from the picture below:

The ransom note reads the following:

Seus arquivos foram Sequestrados!
TODOS os seus documentos, banco de dados, downloads, fotos e outros arquivos importantes foram criptografados utilizando o algoritmo AES (mesma criptografia utilizada pelo governo do EUA) com uma senha alfa-numérica de 150 caracteres gerada a partir deste computador e enviada para um servidor secreto na Internet onde somente eu tenho acesso.
O que fazer?
Para obter essa senha e descriptografar seus arquivos, você terá que pagar uma quantia de R$950,00 em BTC (BITCOIN). Para efetuar o pagamento e obter a senha, siga este pequeno manual:
1. Crie uma carteira BTC aqui: ***blockchain.info/***
2. Compre R$950,00 BTC com dinheiro em: ***
3. Envie os BTCs comprados para o endereço: *****
4. Acompanhe a transferência em: ***blockchain.info/address/***
5. Após o pagamento ser confirmado, envie-me um email requisitando a Senha: [email protected]
6. Logo após, enviarei um arquivo compactado contento dois arquivos: um Decrypter em .exe e a Senha em um .txt
O que é Bitcoin:
Importante:
1. Ninguém pode te ajudar, a não ser eu!
2. Vocé tem apenas 120 Horas (5 dias) para efetuar o pagamento, caso o contrario eu deletarei a senha.
3. É inútil instalar/atualizar o software Anti Vírus, formatar o computador, fazer BO na delegacia, etc.
4. Seus arquivos só poderão ser descriptografados depois do pagamento.
5. Após vocé descriptografar seus arquivos, formate seu computador, instale um bom Anti Vírus e tome mais cuidado onde clica 😉

A rough English translation would look like the following:

Your files have been hijacked!
ALL of your documents, database, downloads, photos, and other important files were encrypted using the AES algorithm (same encryption used by the US government) with a 150 character alpha-numeric password generated from this computer and sent to a server Secret on the Internet where only I have access.
What to do?
To get this password and decrypt your files, you will have to pay an amount of $ 950.00 in BTC (BITCOIN). To make the payment and obtain the password, follow this small manual:
1. Create a BTC portfolio here: *** blockchain.info/***
2. Buy R $ 950,00 BTC with money in: ***
3. Send the purchased BTCs to the address: *****
4. Follow the transfer on: *** blockchain.info/address/***
5. After payment is confirmed, send me an email requesting the Password: [email protected]
6. Soon after, I will send a compressed file containing two files: a decrypter in .exe and the Password in a .txt
What is Bitcoin:
Important:
1. No one can help you but me!
2. You only have 120 Hours (5 days) to make the payment, otherwise I will delete the password.
3. It is useless to install / update the AntiVirus software, format the computer, do BO in the police station, etc.
4. Your files can only be decrypted after payment.
5. After you decrypt your files, format your computer, install a good AntiVirus and be more careful where you click;)

The ransom price that the cryptovirus demands as payment for the decryption of your files is R$950 or nearly 300 US dollars. You are given five days to send the money to the e-mail address [email protected] You should NOT even be considering of paying the criminals any amount. That would only result in the crooks making more ransomware viruses with the money or support other criminal acts. Also, know that nobody can guarantee that your files will be restored if you pay the demanded ransom.

The PayDay ransomware encrypts files and appends the .sexy extension to each and every one of them. The encryption algorithm that is believed to be AES and malware researchers place it as a variant of the HiddenTear open-source project. A list with file extensions which the virus seeks to encrypt is not yet available, but you can see some of the extensions below:

→.doc, .docx, .pdf, .db, .jpg, .png, .ppt, .pptx, .txt, .xls, .xlsx

The PayDay cryptovirus is probably set to erase the Shadow Volume Copies from the Windows operating system by using the command given down below:

→vssadmin.exe delete shadows /all /Quiet

Continue to read and find out what types of methods you can try to restore at least parts of your data.

Remove PayDay Ransomware and Restore .sexy Files

If your computer got infected with the PayDay ransomware virus, you should have some experience in removing malware. You should get rid of this ransomware as fast as possible before it can have the chance to spread further and infect more computers. You should remove the ransomware and follow the step-by-step instructions guide given below. To see ways that you can try to recover your data, see the step titled 2. Restore files encrypted by PayDay.

Note! Your computer system may be affected by PayDay Ransomware and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as PayDay Ransomware.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove PayDay Ransomware follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove PayDay Ransomware files and objects
2. Find files created by PayDay Ransomware on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...