What is Pashka Ransomware?
Pashka Ransomware is another virus that encrypts user files and extorts money to restore access to them. It appeared in early January of the new 2020. This malware encrypts all found images, MS Office documents, PDF files, videos and other files using the AES algorithm. Thus, users lose access to their data and may be forced to pay scammers to get their files back. After that, the ransomware adds the .pashka extension to the encrypted (i.e. infected) files and creates the text file HELP_ME_RECOVER_MY_FILES.txt in all the folders that were attacked by it.
In it, scammers carefully explain to you exactly what happened to your data and what you should do to recover it. Namely, transfer 0.03 BTC to the specified wallet, and then write to them at firstname.lastname@example.org. Computer security experts do not recommend being led by cybercriminals, as they tend not to send the promised tool to decrypt files, and you will be left with nothing. In this case, it is better to use antiviruses from well-known trusted suppliers of the corresponding software. Pashka Ransomware creates a text file on the desktop and in infected folders with the following contents:
ATTENTION! All your important files have been encrypted!
To return your files, send 0.03 bitcoins and contact us to confirm the payment and your unique identifier.
We will send you a decryption tool with your personal decryption password.
Where can I buy bitcoins:
Bitcoin wallet to transfer:
Unique Identification Key (must be sent to us with payment confirmation):
As you can see from the message, a discount is also offered here if you fulfill the requirements of cybercriminals. In this case, the amount will be $ 490, not 980, as originally. This supposed benefaction is a very primitive ploy. The goal is for you to pay as quickly as possible until you come to your senses. There is no guarantee that your files will be returned in their original condition.
There are two solutions to this problem. The first is to use an automated removal tool. This method is suitable even for inexperienced users since the removal tool can delete all instances of the virus in just a few clicks. The second is to use the Manual Removal Guide. This is a more complex way that requires special computer skills.
How Pashka ransomware gets on my computer?
– Spam attachments and hyperlinks
– Software vulnerabilities and exploits
– Malicious sites
– Backdoors (defects of the algorithm that are intentionally built into it by the developer and allow you to gain unauthorized access to data or remote control of the operating system and the computer as a whole)
In the process of its work, Pashka places an executable file with a random name in the% TEMP% folder, modifies the Windows registry, disables the system restore function at boot, and performs all of some other actions. The encryption process itself takes from a few seconds to several minutes. After that, the .pashka extension is added to each of the files, for example, song.mp3 will become song.mp3.pashka and will no longer be opened by the music player.
How to remove Pashka Ransomware?
First of all, don’t panic. Follow these easy steps below.
1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will Pashka Ransomware system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the Pashka Ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.
You may find more detailed information about antivirus products in our article – Top 5 Antivirus Software for Windows
Restore your files using shadow copies
- Download and run Stellar Data Recovery.
- Select type of files you want to restore and click Next.
- Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
- Once the scanning process is done, click Recover to restore your files.
Step 2: Remove following files and folders of Pashka Ransomware:
Related connections or other entries:
How to decrypt files infected by Pashka Ransomware?
You can try to use manual methods to restore and decrypt your files.
Decrypt files manually
Restore the system using System Restore
Although the latest versions of Pashka Ransomware remove system restore files, this method may help you to partially restore your files. Give it a try and use standard System Restore to revive your data.
- Initiate the search for ‘system restore‘
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged. This feature is available in Windows 7 and later versions.
- Pashkat-click the file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore
How to prevent your system from Ransomware?
Make sure your Remote Desktop Protocol (RDP) connection is closed when you don’t use it. Also, we recommend using a strong password for this service. The most efficient way to avoid data lose is of course to make a backup of all important data from your computer.