Pashka Ransomware

What is Pashka Ransomware?

If you have found the “.pashka” extension attached to your personal files, Pashka Ransomware is the threat that you are dealing with. This infection could be presented to you via emails and bundled downloaders, and because cybercriminals are likely to introduce it to you in some sneaky way, you might not recognize it as malware. Obviously, Anti-Spyware-101.com researchers warn that it is crucial to be careful about the emails you open or the files you download because you never know what kinds of dangers you might face. If the threat has slithered in already, you have three things to worry about. First of all, you might be looking for ways to restore your files. Next, you need to figure out how to remove Pashka Ransomware. Finally, the overall security of your operating system must be on your mind too. So, do you know how to restore files, delete malware, and secure your system? If you have no idea, we suggest that you read this report to learn all about it.

How does Pashka Ransomware work?

Pashka Ransomware encrypts files in %HOMEDRIVE%, %PROGRAMFILES%, and %USERPROFILE% folders. It also has a list of specific extensions that it is meant to target, which include .avi, .asm, .bak, .cpp, .cs, .dbf, .doc, .docx, .edb, .eml, .fzip, .gif, .host, .htm, .html, .java, .jpeg, .jpg, .key, .mdb, .mkv, .mp4, .mpeg, .msg, .odb, .odg, .ods, .odt, .pdf, .pem, .pfx, .php, .png, .ppt, .psd, .rar, .raw, .rnd, .sql, .svg, .tar, .tiff, .txt, .vdi, .mvsg, .vmdk, .vmx, .wmdb, .xlsx, and .zip. Once these files are encrypted – and a unique key is used for that – you should find your files to be unreadable. When we analyzed Pashka Ransomware, a free tool that could decrypt files corrupted by this malware did not exist. Unfortunately, that suggests that victims of this infection might never get their files back. Obviously, if backup copies of these files exist outside the computer, they can act as replacements. What about the deal offered by the attackers? Regardless of what might be promised to you, understand that cybercriminals cannot be trusted, and so we do NOT recommend paying attention to their promises, demands, or instructions. If you let them manipulate you, you could end up losing your files and your money.

The “HELP_ME_RECOVER_MY_FILES.txt” file is dropped by Pashka Ransomware to make you understand what the attackers want. The message inside informs that while all personal files were encrypted, you have the chance to restore them using a special decryption tool and personal decryption password. This might give you hope, but that is exactly what the attackers want because if you have hope, you might decide to follow their instructions. According to them, you need to send a ransom of 0.3 Bitcoin (at the time of analysis, that was around 2,800 USD) to the 3LtZ1DRUTupWFdxkgyTyMDa2AYEcNio4Pu wallet and then contact the attackers by sending a message to unlockransomware@protonmail.com. As you already know, we do not believe that you would get a decryptor in return if you fulfilled these demands. Besides losing your money, you could also expose yourself to new attacks that cybercriminals often conduct using mass spam email attacks. We really hope that you have backups and that you do not need to ponder for one minute whether or not to trust cybercriminals.
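To scope the damage before restoring from backups, the indicators described above (the “.pashka” extension, the targeted file types, and the ransom note name) can be turned into a read-only inventory. The following Python script is an added example, not part of the original report; it assumes the extension is appended to the original file name (for example report.docx.pashka), and the sample tree it scans is constructed.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the article text above.
ENCRYPTED_SUFFIX = ".pashka"
RANSOM_NOTE = "help_me_recover_my_files.txt"   # compared case-insensitively
TARGETED = set("""avi asm bak cpp cs dbf doc docx edb eml fzip gif host htm html
java jpeg jpg key mdb mkv mp4 mpeg msg odb odg ods odt pdf pem pfx php png ppt psd
rar raw rnd sql svg tar tiff txt vdi mvsg vmdk vmx wmdb xlsx zip""".split())

def inventory(root):
    """Read-only walk of root: list encrypted files and ransom notes."""
    encrypted, notes, by_type, mtimes = [], [], Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = Path(dirpath) / name, name.lower()
            if lower == RANSOM_NOTE:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX):
                # Assumption: the suffix is appended, e.g. report.docx.pashka
                ext = Path(lower[:-len(ENCRYPTED_SUFFIX)]).suffix.lstrip(".")
                by_type[ext if ext in TARGETED else "other"] += 1
                encrypted.append(path)
                try:
                    mtimes.append(path.stat().st_mtime)
                except OSError:
                    pass  # unreadable file: still counted, no timestamp
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "by_type": dict(by_type),
            # Oldest/newest modification time bounds the encryption run,
            # which helps pick a backup taken before it.
            "window": (min(mtimes), max(mtimes)) if mtimes else None}

def demo():
    """Run inventory() over a constructed sample tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp) / "Documents"
        docs.mkdir()
        for name in ("report.docx.pashka", "db.sql.pashka", "notes.xyz.pashka",
                     "untouched.docx", "HELP_ME_RECOVER_MY_FILES.txt"):
            (docs / name).write_bytes(b"constructed sample")
        report = inventory(tmp)
        # Return names only; the temporary paths vanish on exit.
        report["encrypted"] = [p.name for p in report["encrypted"]]
        report["notes"] = [p.name for p in report["notes"]]
        return report

if __name__ == "__main__":
    print(demo())
```

On a real system, call inventory() on the folders named above (for example the user profile directory) and compare the "window" timestamps with the dates of your available backups.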

How to remove Pashka Ransomware

Whether or not you can decrypt or replace your files, deleting Pashka Ransomware is also extremely important. We do not think that most victims will be able to remove this malware manually for a very simple reason: The launcher file might have a unique location and name. Of course, if you can identify this file, you should be able to get rid of the threat manually. Besides the launcher, the ransom note file is the only other component associated with the threat. Another option is to install legitimate anti-malware software, and we recommend installing it because besides automatically removing Pashka Ransomware, this tool can also offer Windows protection. As we mentioned already, securing your system is very important because there are many infections that could attack your system next if it remains unprotected. Note that there are even thousands of ransomware threats just like Pashka, some of which include SySS Ransomware, ROGER Ransomware, Horsedeal Ransomware, and Ako Ransomware.

Removal Guide

  1. Delete the ransom note file named HELP_ME_RECOVER_MY_FILES.txt.
  2. Tap Win+E keys on the keyboard to launch Windows Explorer.
  3. Enter the following paths into the field at the top to access these folders:
    • %USERPROFILE%\Desktop
    • %USERPROFILE%\Downloads
    • %TEMP%
  4. If you can find suspicious files, delete them. Note that you can delete everything in %TEMP%.
  5. Empty Recycle Bin.
  6. Install a trusted malware scanner to help you inspect your system for potential leftovers.