What is PartiZAN32?
PartiZAN32 is a type of ransomware from the Xorist family. It was identified by our team through an analysis of samples from the VirusTotal website. This malware encrypts files and adds a unique extension (“.xqwertzuioplkjhgfyxcvbnmD”) to the affected filenames, along with changing the desktop wallpaper.
The ransomware creates two ransom notes: one as a text file named “HOW TO DECRYPT FILES.txt” and another as a pop-up message. Till exempel, it renames files like “1.jpg” to “1.jpg.qwertzuioplkjhgfyxcvbnmD“.
More About PartiZAN32
PartiZAN32 locks files, rendering them inaccessible, and demands a ransom, usually in cryptocurrency, to unlock them. Paying the ransom does not guarantee file recovery and might encourage further criminal activities. It’s crucial for users to maintain backups on separate devices to minimize losses.
PartiZAN32 Ransomware can infect computers through malicious emails, software vulnerabilities, or pirated software containing malware. Users might also encounter malicious ads or scams that lead to infections. Another method includes the use of infected USB drives or other malware that installs ransomware.
Details of the Ransom Note
The ransom note informs victims that their files have been encrypted by PartiZAN32. It demands that victims contact a provided email (pasomnicadecryption@gmail.com) to obtain a free decryption key. It warns victims against attempting decryption without the attackers’ help, mentioning that multiple failed attempts could lead to the sale of their information on the dark web.
Oopsie Daisy! Your files have been encrypted by PartiZAN32.
How Do I Recover My Files?
By G-Mailing pasomnicadecryption@gmail.com, we will give you the key for free! Yep, free. YOU'RE A LUCKY!
Your ID:0905
Key: 0,00USD
-----------------
After getting the key, please click on any encrypted file or simply reclick the ransomware. A little tab will appear. You will insert the key there and PartiZAN32 is gone from you computer! (Don' attemp to decrypt without key, you will damage your files)
You Have 5 attempts to insert the correct key, if all 5 attempts are gone, all your files and IPADRESS will be sold on the dark web!
Screenshot of PartiZAN32’s desktop wallpaper:
OOPSIE DAISY! ALL YOUR FILES HAVE BEEN ENCRYPTED BY PARTIZAN32.
READ README.TXT TO GET INFO ABOUT HOW TO DECRYPT.
To protect yourself, avoid opening email attachments or clicking links from unknown sources. Only download from official sources and be vigilant during software installations. Keep your system and software updated, and use reputable security tools to detect and remove threats.
Removing PartiZAN32 Ransomware
If your system is infected with PartiZAN32, using a tool like Trojan Remover for Windows is recommended to help remove this ransomware effectively.
Loaris Trojan Remover sticker ut som det främsta valet för att utrota ransomware-hotet och återställa ditt system. Den har en avancerad skanningsmotor som upptäcker ransomware i alla former och möjliggör riktade skanningar med sin Custom Scan-funktion.
För att navigera runt ransomwarens exekveringsblock, starta upp din PC Säkert läge med nätverk. Detta kan göras via felsökningspanelen genom att starta om din dator samtidigt som du håller ned Skift-tangenten, navigerar till Startinställningar, och välja Windows 10 Säkert läge med nätverk.
I felsäkert läge, starta Loaris-installationsprogrammet, följ installationsanvisningarna, och aktivera den kostnadsfria provperioden för full funktionalitet.
Gör en fullständig genomsökning, granska listan över upptäckta hot, och fortsätt med de rekommenderade borttagningsåtgärderna.
Recovering Files with PhotoRec
Ladda ner PhotoRec, ange disken eller partitionen och önskade filformat för återställning och starta återställningsprocessen för att rädda dina krypterade data.
