September 13, 2017

Paradise Ransomware Uses RSA Encryption to Attack Computers

A newly discovered ransomware-as-a-service (RaaS) program called Paradise is attempting to infect computers via hijacked Remote Desktop services.

In a RaaS arrangement, the ransomware’s developer manages its development and operates the command-and-control server in exchange for a small cut of all ransom payments received from victims.

According to security expert and BleepingComputer creator Lawrence Abrams, the ransomware relaunches itself following execution to gain administrative privileges. It then encrypts the device’s files with RSA-1024 and appends the string “id-[affiliate-id].[affiliate_email].paradise” to the names of targeted files.

Abrams wrote:

The ransomware will write the RSA encryption key that was used to encrypt a victim’s files to the %UserProfile%\DecriptionInfo.auth file. This file will then be encrypted by a master encryption key that was bundled in the ransomware executable. This allows the developers to extract a victim’s unique RSA key after they have paid a ransom.

If the ransomware executes successfully, it displays an image on the desktop with white text over a black background that reads “All your files are encrypted!”. A corresponding .txt ransom note includes the attackers’ email address and instructions for obtaining bitcoin, a digital currency, and paying with it. “Your important files produced [sic] on this computer have been encrypted due a security problem,” the note added.

Notably, the ransomware uses RSA to encrypt the files themselves, a method of encryption that is very slow. A victim who is alert to the encryption while it is still running could detect it and put an end to it.
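As an added illustration (not code from this article or from Abrams’ analysis), the two file-system artifacts described above, the appended file-name suffix and the DecriptionInfo.auth key file, can be turned into a simple check over file-event records. The log format, sample lines, threshold and time window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Suffix reported in the article: id-[affiliate-id].[affiliate_email].paradise
# Assumption: the article does not say whether the brackets are literal,
# so the pattern accepts the suffix with or without them.
SUFFIX_RE = re.compile(
    r"id-\[?[^\]\[\\/.]+\]?\.\[?[^\]\[\\/\s]+@[^\]\[\\/\s]+\]?\.paradise$", re.I)
# Key blob the article says is written to %UserProfile%\DecriptionInfo.auth
KEY_FILE_RE = re.compile(r"(^|\\)DecriptionInfo\.auth$", re.I)

# Constructed sample in a hypothetical "time|operation|path" format.
SAMPLE_LOG = r"""
2017-09-13T10:00:00|WRITE|C:\Users\alice\DecriptionInfo.auth
2017-09-13T10:00:04|RENAME|C:\Users\alice\Documents\q3.xlsxid-[AB12].[pay@example.com].paradise
2017-09-13T10:00:09|RENAME|C:\Users\alice\Documents\notes.paradise
2017-09-13T10:00:15|RENAME|C:\Users\alice\Pictures\cat.jpgid-AB12.pay@example.com.paradise
2017-09-13T10:00:31|RENAME|C:\Users\alice\Desktop\todo.txtid-[AB12].[pay@example.com].paradise
"""

def parse(log):
    """Turn non-empty log lines into (datetime, operation, path) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, op, path = line.split("|", 2)
        events.append((datetime.fromisoformat(ts), op.upper(), path.strip()))
    return events

def detect(events, threshold=3, window=timedelta(seconds=60)):
    """Return (time, kind, path) alerts; threshold and window are illustrative."""
    alerts, recent = [], []
    for ts, op, path in sorted(events):
        if op in ("CREATE", "WRITE") and KEY_FILE_RE.search(path):
            alerts.append((ts, "key-file", path))
        elif op == "RENAME" and SUFFIX_RE.search(path):
            # Keep only matching renames inside the sliding window.
            recent = [t for t in recent if ts - t <= window] + [ts]
            if len(recent) == threshold:
                alerts.append((ts, "mass-rename", path))
    return alerts

if __name__ == "__main__":
    for ts, kind, path in detect(parse(SAMPLE_LOG)):
        print(ts.isoformat(), kind, path)
```

Because the encryption is slow, an alert raised on the key file or on the first few renames leaves time to isolate the host before most files are affected.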


About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
