Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Slow internet connection
  • Connects to the internet without permission
  • Installs itself without permissions
  • Blocks system files from running
  • Can't be uninstalled via Control Panel

Payday Ransomware

Our malware researchers have recently discovered a new ransomware infection that was created using the Hidden-Tear source code, and it is called “Payday Ransomware.” Other infections that have used this code include Hollycrypt Ransomware, GhostCrypt Ransomware, and many others. According to our research and analysis, this malware is usually spread via spam emails, and the victims execute the malicious threats by opening the corrupted files attached to them. It was found that, in this particular case, the ransomware launcher is disguised as a PDF file, and so you are unlikely to expect anything bad to happen when you open this file. Unfortunately, once the file is executed, the malicious threat starts encrypting your files almost immediately, and it is unlikely that you will have a chance to delete the malicious executable. Once the encryption of your personal files is completed, there is little you can do, but removing Payday Ransomware is exceptionally important.

When Payday Ransomware is done encrypting your personal files using the AES-256 encryption algorithm, it creates a file called “!!!!!ATENÇÃO!!!!!.html”, which you can find on the Desktop. This file displays the ransom note that states: “Seus arquivos foram Sequestrados!” The message then informs you that your files were encrypted using a cryptographically strong algorithm and that you need a decryption key to have your files unlocked. To retrieve this key, you are asked to pay a ransom of R$950.00 by transferring the money in bitcoins to the Bitcoin address 1HGYr8g4Jv9EH6qgvEPFFFN9LYMkivFP7L. The message also suggests that you are expected to confirm your transaction by emailing cyber criminals at CATSEXY@PROTONMAIL.COM. This is pretty much the standard behavior of any ransomware infection, and, unfortunately, it is unlikely that you can recover your files in any other way. Of course, that does not mean that you HAVE to pay the ransom. In fact, we do not recommend this.

Although the devious Payday Ransomware gives 5 days for its victims to make the transaction, that does not mean that you can come back to this infection at a later time. The files that this infection has encrypted (the ones with the “.sexy” extension) are not going anywhere, and they will not just decrypt themselves with time, but the malicious executable of the threat could cause more issues. Our research team warns that this file can communicate with remote servers over an unauthorized internet connection, and we cannot claim that we know all of the functions of this malicious file. Needless to say, the sooner you delete Payday Ransomware components from your operating system, the better. Do you keep wondering where the name of this threat has come from? According to our research team, characters from a video game called “Payday” are used in the background of the “!!!!!ATENÇÃO!!!!!.html” file.

So, what should you do? That is a loaded question, and we cannot give you a straight answer. The only option provided by the creator of Payday Ransomware is the ransom, but we simply cannot support this option because it is too risky. Moreover, we do not want you aiding cyber criminals financially so that they could keep creating new infections. Obviously, we cannot tell you to just forget about your files because we understand that they are important for you. Unfortunately, unless your files are backed up, you do not have many options, and you might have to choose the lesser evil. This choice has to be yours. Overall, remember that cyber crooks might keep the decryptor to themselves even if you pay the ransom, and there is always a chance that a legitimate decryptor will be created to free your files.

If you scroll down, you can find a manual removal guide that should help you delete Payday Ransomware from your operating system. This threat is not that hard to erase because it does not really matter if you erase it. At the end of the day, your files will remain locked, and you will still depend on cyber criminals for assistance. Of course, if you remove Payday Ransomware, it might become harder – if not impossible – to pay the ransom and, maybe, retrieve the decryptor. All in all, the removal of this threat is crucial, and you must erase it regardless of what happens with your personal files. Note that you can install anti-malware software to have the ransomware erased automatically, instead of following the guide below. We strongly recommend installing this software if you want your PC protected in the future.

GhostCrypt Ransomware Removal

  1. Delete the ransom note file !!!!!ATENÇÃO!!!!!.html from the Desktop.
  2. Locate the malicious .exe file and right-click it.
  3. Select Delete to eliminate the malicious executable.
  4. Install a trustworthy malware scanner to examine your PC for leftovers.
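
To scope the damage before restoring from backups, the two on-disk indicators named in this article (the “.sexy” extension and the “!!!!!ATENÇÃO!!!!!.html” note) can be inventoried with a short script. This is an added example, not part of the original guide or any vendor tool; it assumes the extension is simply appended to the original file name, and the function names are illustrative.

```python
import os
import unicodedata
from collections import Counter

# Indicators taken from the article text.
ENCRYPTED_EXT = ".sexy"
NOTE_NAME = "!!!!!ATENÇÃO!!!!!.html"


def _norm(name):
    # "Ç" and "Ã" can be stored precomposed (NFC) or decomposed (NFD),
    # so compare names in a single Unicode form, ignoring case.
    return unicodedata.normalize("NFC", name).casefold()


def scan(root):
    """Walk root; return (encrypted_files, ransom_notes, per_directory_counts)."""
    encrypted, notes, per_dir = [], [], Counter()
    note_key = _norm(NOTE_NAME)
    for dirpath, _dirs, files in os.walk(root):  # unreadable dirs are skipped
        for name in files:
            key = _norm(name)
            path = os.path.join(dirpath, name)
            if key == note_key:
                notes.append(path)
            elif key.endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                per_dir[dirpath] += 1
    return sorted(encrypted), sorted(notes), per_dir


def original_name(path):
    """File name before encryption (assumption: the extension was appended)."""
    base = os.path.basename(path)
    if base.lower().endswith(ENCRYPTED_EXT):
        return base[: -len(ENCRYPTED_EXT)]
    return base


if __name__ == "__main__":
    import sys
    start = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    enc, found_notes, counts = scan(start)
    print(f"{len(enc)} encrypted file(s), {len(found_notes)} ransom note(s)")
    for directory, n in counts.most_common(10):
        print(f"{n:6d}  {directory}")
```

The per-directory counts show which folders were hit, and `original_name` gives the file names to look for in a backup set.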