Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Paydra@cock.li Ransomware

Paydra@cock.li Ransomware is a malicious application from the Crysis Ransomware family. Like other threats from this family, the malware encrypts private data and opens a warning message that claims the computer’s owner has to purchase decryption tools. It does not say how much such tools would cost, but it mentions they will be available only for seven days. However, we recommend not rushing and learning more about the malicious application before deciding what to do. Keep in mind that if you do not have decryption tools, but have a backup of your most important files, you can replace encrypted data with copies. Naturally, for safety purposes, you should erase Paydra@cock.li Ransomware before transferring backup copies or creating new files on an infected device. As you will see, the malware can launch itself after a restart, which means it could encrypt new data after each reboot. Thus, we recommend removing the threat with the instructions placed below or with an antimalware tool you trust.

It seems Paydra@cock.li Ransomware might be spread through Spam Emails. Such messages could carry malicious email attachments or links. Needless to say, it is best not to interact with such content if you do not want to risk infecting your system accidentally. What we always recommend is scanning suspicious attachments or other data downloaded from the Internet with a reliable antimalware tool. Always remember that even files that look like documents, pictures, software installers, or updates can be harmful as there are lots of ways to disguise malicious installers. Therefore, you can never let your guard down if you want to keep your computer secure.

Before Paydra@cock.li Ransomware starts encrypting a user’s files, the malicious application should create specific files and folders on an infected computer. For starters, it ought to place executable files with random names in the %WINDIR%\System32, %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup, %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup, and %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup directories. Next, the malware ought to create a Registry entry in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run location. Along with the executable files created in the earlier listed Startup directories, this Registry entry might ensure an infected device will launch Paydra@cock.li Ransomware automatically upon each system restart.

Afterward, our researchers say the malicious application should encrypt photos, documents, and other files that are considered to be private. During this process, affected files not only become locked but also gain a second extension consisting of three parts: id-{unique ID number}.[paydra@cock.li].html. For example, a file called document.docx could turn into document.docx.id-B4500913.[paydra@cock.li].html. Once Paydra@cock.li Ransomware encrypts targeted user data, it should create ransom notes and launch a warning message containing a ransom note too. According to our research, the malware might place files that would open such messages in several Startup locations as well as the earlier mentioned Registry path to ensure an infected computer launches ransom notes upon each restart too.
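The naming pattern described above makes it possible to inventory affected files and check which ones have a copy in a backup. The following PowerShell sketch is an added example, not part of the original article or any vendor tool; the function name, the backup path and the output layout are assumptions made for illustration, and the script only reads the disk.

```powershell
# Added example: read-only inventory of files renamed with the pattern
#   <original name>.id-<unique ID>.[paydra@cock.li].html
$pattern = '^(?<orig>.+)\.id-(?<id>[^.]+)\.\[paydra@cock\.li\]\.html$'

function Get-EncryptedFileInfo {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Root,   # folder to scan
        [string]$BackupRoot                    # optional: backup mirroring $Root
    )
    $rootFull = (Resolve-Path -LiteralPath $Root).ProviderPath.TrimEnd('\')
    Get-ChildItem -LiteralPath $rootFull -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($_.Name -match $pattern) {
                $orig = $Matches['orig']
                $id   = $Matches['id']
                # Path of the original file relative to the scanned root
                $relDir = $_.DirectoryName.Substring($rootFull.Length).TrimStart('\')
                $rel    = if ($relDir) { "$relDir\$orig" } else { $orig }
                # $null when no backup was given, otherwise True/False
                $inBackup = if ($BackupRoot) {
                    Test-Path -LiteralPath (Join-Path $BackupRoot $rel) -PathType Leaf
                } else { $null }
                [pscustomobject]@{
                    OriginalPath  = $rel
                    VictimId      = $id
                    EncryptedName = $_.Name
                    SizeBytes     = $_.Length
                    InBackup      = $inBackup
                }
            }
        }
}

# Usage (paths are assumptions; E:\Backup stands for an offline backup drive)
$report = Get-EncryptedFileInfo -Root $env:USERPROFILE -BackupRoot 'E:\Backup'
$report | Group-Object VictimId | Select-Object Name, Count   # one ID is expected
$report | Where-Object { $_.InBackup -eq $false } |
    Select-Object OriginalPath, SizeBytes                     # files with no backup copy
```

With the article's sample name, document.docx.id-B4500913.[paydra@cock.li].html yields OriginalPath document.docx and VictimId B4500913.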

The main ransom note that shows up as a warning message on top of a victim’s screen ought to explain what happened to files and what a user can do to get them back. To be more precise, the note claims the hackers behind this malicious application have decryption tools that could decrypt all affected data. The note even suggests sending one small file of no value to cybercriminals so they could decrypt it free of charge. It might prove Paydra@cock.li Ransomware’s developers have the needed decryption tools, but it does not prove they can be trusted and that they will deliver the promised decryption tools. There is always a risk that you might not receive the needed decryption tools even if your payment arrives in time (hackers give their victims seven days to pay).

Naturally, if you think it would be unwise to put up with any demands and you do not want to risk losing your money for nothing, we advise removing Paydra@cock.li Ransomware. Victims who feel up to this task could use the instructions provided at the end of this article. They explain how to locate all the malicious application’s files and how to delete them manually. The other way to erase it is to install a reliable antimalware tool, scan your system with it, and then remove any identified threats by pressing a given deletion button.

Erase Paydra@cock.li Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Choose Task Manager and select Processes.
  3. Find a process belonging to the threat.
  4. Mark it and click End Task.
  5. Exit Task Manager.
  6. Press Win+E.
  7. Find these paths:
    %TEMP%
    %USERPROFILE%\Downloads
    %USERPROFILE%\Desktop
  8. Locate the malicious application’s launcher (some suspicious file downloaded before the infection appeared).
  9. Right-click it and select Delete.
  10. Find these locations:
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
    %WINDIR%\System32
    %APPDATA%
  11. Locate files called Info.hta, right-click them and select Delete.
  12. Find these specific Startup directories:
    %WINDIR%\System32
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
  13. Find suspicious executable files, for example, file.exe; right-click them and choose Delete.
  14. Exit File Explorer.
  15. Press Win+R.
  16. Type Regedit and press Enter.
  17. Find the given directory: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  18. Search for value names dropped by the threat, e.g., {random title}.exe, right-click them and select Delete.
  19. Exit Registry Editor.
  20. Empty Recycle Bin.
  21. Restart the computer.
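
Before deleting anything by hand, the locations from steps 10 to 18 can be listed in one pass. The PowerShell script below is an added example, not part of the original instructions; it only reads and reports. The helper name, the 30-day window and the signature check for System32 are assumptions chosen for illustration, and both Run keys mentioned in this article are listed.

```powershell
# Added example: read-only audit of the locations named in this article.
$startupDirs = @(
    '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup',
    '%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup',
    '%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup'
)
$noteDirs = $startupDirs + @('%WINDIR%\System32', '%APPDATA%')
$runKeys  = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$recentDays = 30   # assumption: widen to cover the suspected infection date

function Find-InDirs {   # hypothetical helper: files matching $Filter in existing dirs
    param([string[]]$Dirs, [string]$Filter)
    foreach ($d in $Dirs) {
        $full = [Environment]::ExpandEnvironmentVariables($d)
        if (Test-Path -LiteralPath $full -PathType Container) {
            Get-ChildItem -LiteralPath $full -Filter $Filter -File -Force -ErrorAction SilentlyContinue
        }
    }
}

$findings = @(
    # Step 11: ransom-note launchers named Info.hta
    Find-InDirs $noteDirs 'Info.hta' | ForEach-Object {
        [pscustomobject]@{ Kind = 'RansomNote'; Item = $_.FullName; Detail = "created $($_.CreationTime)" } }
    # Step 13: any executable sitting in a Startup folder
    Find-InDirs $startupDirs '*.exe' | ForEach-Object {
        [pscustomobject]@{ Kind = 'StartupExe'; Item = $_.FullName; Detail = "created $($_.CreationTime)" } }
    # Step 13, System32: heuristic (assumption) = recently created and not validly signed
    Find-InDirs @('%WINDIR%\System32') '*.exe' |
        Where-Object { $_.CreationTime -gt (Get-Date).AddDays(-$recentDays) } |
        Where-Object { (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status -ne 'Valid' } |
        ForEach-Object {
            [pscustomobject]@{ Kind = 'System32Exe'; Item = $_.FullName; Detail = "created $($_.CreationTime)" } }
    # Steps 17-18: every Run value, for manual review of names and targets
    foreach ($k in $runKeys) {
        $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
        if ($key) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{ Kind = 'RunValue'; Item = "$k\$name"; Detail = [string]$key.GetValue($name) }
            }
        }
    }
)
$findings | Sort-Object Kind, Item | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so the all-users locations and the HKLM key are readable; RunValue rows include legitimate autostart entries and need to be judged by their target path.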