Hva er PartiZAN32?
PartiZAN32 is a type of ransomware from the Xorist family. It was identified by our team through an analysis of samples from the VirusTotal website. This malware encrypts files and adds a unique extension (“.xqwertzuioplkjhgfyxcvbnmD”) to the affected filenames, along with changing the desktop wallpaper.
The ransomware creates two ransom notes: one as a text file named “HOW TO DECRYPT FILES.txt” and another as a pop-up message. For eksempel, it renames files like “1.jpg” to “1.jpg.qwertzuioplkjhgfyxcvbnmD“.
More About PartiZAN32
PartiZAN32 locks files, rendering them inaccessible, and demands a ransom, usually in cryptocurrency, to unlock them. Paying the ransom does not guarantee file recovery and might encourage further criminal activities. It’s crucial for users to maintain backups on separate devices to minimize losses.
PartiZAN32 Ransomware can infect computers through malicious emails, software vulnerabilities, or pirated software containing malware. Users might also encounter malicious ads or scams that lead to infections. Another method includes the use of infected USB drives or other malware that installs ransomware.
Details of the Ransom Note
The ransom note informs victims that their files have been encrypted by PartiZAN32. It demands that victims contact a provided email (pasomnicadecryption@gmail.com) to obtain a free decryption key. It warns victims against attempting decryption without the attackers’ help, mentioning that multiple failed attempts could lead to the sale of their information on the dark web.
Oopsie Daisy! Your files have been encrypted by PartiZAN32.
How Do I Recover My Files?
By G-Mailing pasomnicadecryption@gmail.com, we will give you the key for free! Yep, free. YOU'RE A LUCKY!
Your ID:0905
Key: 0,00USD
-----------------
After getting the key, please click on any encrypted file or simply reclick the ransomware. A little tab will appear. You will insert the key there and PartiZAN32 is gone from you computer! (Don' attemp to decrypt without key, you will damage your files)
You Have 5 attempts to insert the correct key, if all 5 attempts are gone, all your files and IPADRESS will be sold on the dark web!
Screenshot of PartiZAN32’s desktop wallpaper:
OOPSIE DAISY! ALL YOUR FILES HAVE BEEN ENCRYPTED BY PARTIZAN32.
READ README.TXT TO GET INFO ABOUT HOW TO DECRYPT.
To protect yourself, avoid opening email attachments or clicking links from unknown sources. Only download from official sources and be vigilant during software installations. Keep your system and software updated, and use reputable security tools to detect and remove threats.
Removing PartiZAN32 Ransomware
If your system is infected with PartiZAN32, using a tool like Trojan Remover for Windows is recommended to help remove this ransomware effectively.
Loaris Trojan Remover skiller seg ut som det fremste valget for å utrydde løsepengevaretrusselen og gjenopprette systemet ditt. Den har en avansert skannemotor som oppdager løsepengevare i alle former og tillater målrettede skanninger med funksjonen Custom Scan..
For å navigere rundt løsepengevarens utførelsesblokker, starte PC-en din inn Sikkermodus med nettverk. Dette kan gjøres gjennom feilsøkingspanelet ved å starte PC-en på nytt mens du holder nede Shift-tasten, navigerer til oppstartsinnstillinger, og velge Windows 10 Sikkermodus med nettverk.
I sikkermodus, start Loaris-installasjonsprogrammet, følg installasjonsinstruksjonene, og aktiver den gratis prøveversjonen for full funksjonalitet.
Gjennomfør en full skanning, gjennomgå listen over oppdagede trusler, og fortsett med de anbefalte fjerningshandlingene.
Recovering Files with PhotoRec
Last ned PhotoRec, spesifiser disken eller partisjonen og ønskede filformater for gjenoppretting og start gjenopprettingsprosessen for å redde de krypterte dataene dine.
