What is PartiZAN32?
PartiZAN32 is a type of ransomware from the Xorist family. It was identified by our team through an analysis of samples from the VirusTotal website. This malware encrypts files and adds a unique extension (“.xqwertzuioplkjhgfyxcvbnmD”) to the affected filenames, along with changing the desktop wallpaper.
The ransomware creates two ransom notes: one as a text file named “HOW TO DECRYPT FILES.txt” and another as a pop-up message. Bijvoorbeeld, it renames files like “1.jpg” to “1.jpg.qwertzuioplkjhgfyxcvbnmD“.
More About PartiZAN32
PartiZAN32 locks files, rendering them inaccessible, and demands a ransom, usually in cryptocurrency, to unlock them. Paying the ransom does not guarantee file recovery and might encourage further criminal activities. It’s crucial for users to maintain backups on separate devices to minimize losses.
PartiZAN32 Ransomware can infect computers through malicious emails, software vulnerabilities, or pirated software containing malware. Users might also encounter malicious ads or scams that lead to infections. Another method includes the use of infected USB drives or other malware that installs ransomware.
Details of the Ransom Note
The ransom note informs victims that their files have been encrypted by PartiZAN32. It demands that victims contact a provided email (pasomnicadecryption@gmail.com) to obtain a free decryption key. It warns victims against attempting decryption without the attackers’ help, mentioning that multiple failed attempts could lead to the sale of their information on the dark web.
Oopsie Daisy! Your files have been encrypted by PartiZAN32.
How Do I Recover My Files?
By G-Mailing pasomnicadecryption@gmail.com, we will give you the key for free! Yep, free. YOU'RE A LUCKY!
Your ID:0905
Key: 0,00USD
-----------------
After getting the key, please click on any encrypted file or simply reclick the ransomware. A little tab will appear. You will insert the key there and PartiZAN32 is gone from you computer! (Don' attemp to decrypt without key, you will damage your files)
You Have 5 attempts to insert the correct key, if all 5 attempts are gone, all your files and IPADRESS will be sold on the dark web!
Screenshot of PartiZAN32’s desktop wallpaper:
OOPSIE DAISY! ALL YOUR FILES HAVE BEEN ENCRYPTED BY PARTIZAN32.
READ README.TXT TO GET INFO ABOUT HOW TO DECRYPT.
To protect yourself, avoid opening email attachments or clicking links from unknown sources. Only download from official sources and be vigilant during software installations. Keep your system and software updated, and use reputable security tools to detect and remove threats.
Removing PartiZAN32 Ransomware
If your system is infected with PartiZAN32, using a tool like Trojan Remover for Windows is recommended to help remove this ransomware effectively.
Loaris Trojan Remover onderscheidt zich als de beste keuze voor het uitroeien van de ransomware-dreiging en het herstellen van uw systeem. Het beschikt over een geavanceerde scanengine die ransomware in alle vormen detecteert en gerichte scans mogelijk maakt met de Custom Scan-functie.
Om door de uitvoeringsblokken van de ransomware te navigeren, start uw pc op Veilige modus met netwerkmogelijkheden. Dit kunt u doen via het paneel Probleemoplossing door uw pc opnieuw op te starten terwijl u de Shift-toets ingedrukt houdt, navigeren naar Opstartinstellingen, en Windows selecteren 10 Veilige modus met netwerkmogelijkheden.
In de veilige modus, start het Loaris-installatieprogramma, volg de installatie-aanwijzingen, en activeer de gratis proefversie voor volledige functionaliteit.
Voer een volledige scan uit, bekijk de lijst met gedetecteerde bedreigingen, en ga verder met de aanbevolen verwijderingsacties.
Recovering Files with PhotoRec
FotoRec downloaden, specificeer de schijf of partitie en de gewenste bestandsformaten voor herstel en start het herstelproces om uw gecodeerde gegevens te redden.