Payday Ransomware

What is Payday Ransomware?

Compared to other file-encrypting malware, Payday Ransomware is not as harmful as it might look. Our researchers have tested the threat themselves and confirmed that it could encipher data only in a particular location. In other words, if you do not keep valuable files in the infection's targeted directory, the damage you receive could be smaller. Another thing we noticed is that the malicious program leaves a message written in Portuguese, so Payday Ransomware might be spread only in specific regions. Nonetheless, if you were not so fortunate and received this malware, we can help you erase it from the system. We are placing manual removal instructions a little below the text, but before you scroll down, it would be advisable to read more about the infection.

Where does Payday Ransomware come from?

Apparently, the malware could be distributed with fake PDF documents that might not raise any suspicion among less experienced users. Unfortunately, once a user launches the infected attachment, it is already too late, since Payday Ransomware should immediately start the encryption process. This is why our specialists always advise users to avoid opening files that were sent by someone they do not know or that were categorized as Spam. The creators of such malicious applications often disguise malicious executable files and pick intriguing titles to raise your curiosity, so you have to be extra cautious. For more protection, users could acquire a legitimate antimalware tool that could help them fight such infections and guard the system against other threats as well.

How does Payday Ransomware work?

The good news is that the malware is based on a malicious application known as HiddenTear Ransomware. Since HiddenTear is educational software and has a working decryption tool available for anyone, there is a chance that volunteer IT specialists could create a decryptor for Payday Ransomware too. In any case, the threat might not damage a lot of your data, or at least it might affect only less important files, since it targets only %USERPROFILE% and its subfolders, e.g. Desktop, Downloads, Pictures, and so on. The files are encrypted with the AES-256 cryptosystem, and each of them gets an additional extension, .sexy. For instance, an enciphered text document would look like

Once the files are encrypted, Payday Ransomware should show you a message with instructions on how to purchase the decryption key, in other words, how to pay the ransom. The requested sum is 950 Brazilian reals, which converts to approximately $280 in US dollars. According to the ransom note, the payment must be made in bitcoins to a specific account, and afterward users are supposed to contact the cyber criminals through the CATSEXY@PROTONMAIL.COM email address. There are no guarantees that the malware's creators will bother to send the decryptor, and once the payment is made you cannot get your money back. Thus, we do not think it is a good idea to risk your savings, especially when the infection does not do as much damage as other similar threats.

How to remove Payday Ransomware?

As usual, there are two ways to deal with ransomware, so you can choose the most fitting option based on your skills and experience. Firstly, users could try to get rid of the infection manually by locating its malicious data and deleting it, as shown in the instructions available below the text. The other option is to install a reliable antimalware tool on the infected computer and erase the infection with it. In that case, you could use the scanning feature, which would allow you to check the whole system and detect even multiple threats. Accordingly, you would erase not only Payday Ransomware but also other possible malware and suspicious programs.

Eliminate Payday Ransomware

  1. Go to your Desktop and remove the ransom note (!!!!!ATENÇÃO!!!!!.html).
  2. Open the Explorer (Windows Key+E) and use it to navigate to Downloads, Temporary Files, Desktop, and other directories.
  3. Find the fake PDF document or another malicious file that you might have downloaded before the malware appeared.
  4. Right-click the file and select Delete.
  5. Empty the Recycle bin.
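
The manual steps above can be scoped with a short read-only script. The following is an added example, not code from this page or from any vendor tool: it walks a profile folder and lists files with the .sexy extension, the ransom note from step 1, and files that have "pdf" in their name but are Windows executables. The fake-PDF heuristic, the list of executable extensions and the sample file names in demo() are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".sexy"               # extension named on this page
NOTE_NAME = "!!!!!ATENÇÃO!!!!!.html"  # ransom note name from step 1
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}  # assumption, not from the page

def looks_like_fake_pdf(path):
    """Heuristic (assumption): 'pdf' in the name but the file is a Windows executable."""
    if "pdf" not in path.name.lower():
        return False
    if path.suffix.lower() in EXECUTABLE_EXTS:   # double extension such as x.pdf.exe
        return True
    try:
        with path.open("rb") as fh:
            return fh.read(2) == b"MZ"           # PE header where %PDF is expected
    except OSError:
        return False                             # unreadable file: do not flag it

def triage(profile):
    """Walk one user profile (read-only) and collect what the removal steps look for."""
    report = {"encrypted": [], "notes": [], "fake_pdfs": []}
    for root, _dirs, files in os.walk(profile):
        for name in files:
            path = Path(root) / name
            if path.suffix.lower() == ENCRYPTED_EXT:
                report["encrypted"].append(path)
            elif name == NOTE_NAME:
                report["notes"].append(path)
            elif looks_like_fake_pdf(path):
                report["fake_pdfs"].append(path)
    return report

def demo():
    """Build a constructed profile tree in a temp directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        for sub in ("Desktop", "Downloads", "Pictures"):
            (base / sub).mkdir()
        (base / "Desktop" / NOTE_NAME).write_bytes(b"constructed note")
        (base / "Pictures" / "photo.jpg.sexy").write_bytes(b"\x00" * 16)
        (base / "Downloads" / "fatura.pdf.exe").write_bytes(b"MZ\x90\x00")
        (base / "Downloads" / "boleto.pdf").write_bytes(b"MZ\x90\x00")
        (base / "Downloads" / "manual.pdf").write_bytes(b"%PDF-1.7\n")
        return {kind: sorted(p.relative_to(base).as_posix() for p in paths)
                for kind, paths in triage(base).items()}

if __name__ == "__main__":
    print(demo())  # on an affected machine: triage(Path(os.environ["USERPROFILE"]))
```

The script only lists paths and deletes nothing, so the results can be reviewed before anything is removed by hand.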