Team OS : Your Only Destination To Custom OS !!


Locked .PAAS Ransomware attack

Status
Not open for further replies.

miloboy05

Member
Just last night my laptop was still virus free. It was used as usual, and then suddenly this morning I opened it and some virus alert notifications came up.
Upon checking after the alerts, almost all my files on the system are already infected and their file extensions have been changed to ".paas".
Everything on drive C: got infected, and after some time researching this .paas, it says it is a kind of ransomware, and it felt like it's something new.
Most tutorials on the internet and YouTube on removing it are recent, from just days and weeks ago.
I hope someone here on the site knows about this already.
I hope someone here can help me remove this .paas ransomware, prevent it from coming back, and most especially restore the files that are infected with it.
Advance salute and thanks to those who may see and read this thread.
Thank you in advance! :)


Jimmy Collaros

Uploader
Power User
✅ Verified Member
Member
The lesson is ALWAYS keep copies of the files on an external, not connected disk.
Usually it is difficult to get your files back. I had the same problem 2 years ago and never found any solution.
 

Cyler

🤴 Super Admin
⚡OS Master
Apologies: My internet farted and I accidentally merged the 2 posts that @Charles made with the main post, instead of just merging the 2 posts in 1. Sadly a Super admin can only correct this but I hope it will be corrected soon. If @Charles can write the post again via copy-paste, it would help this a lot.
 

Charles

✅ Verified Member
Member
Honestly, with ransomware, my personal policy is, when in doubt, throw it out.
I'd reimage from a known good backup, or just do a complete reinstall.
I always keep all of my personal stuff I don't want to lose in 4 different places: online in the cloud, via GSuite, to a drive that is NOT connected to my machine, an external hard drive, a USB flash drive, and a cold storage drive I keep in a safe.
Paranoia is simply acute awareness.
But, in all honesty, if you need to recover those files, I'd basically remove the whole drive, and place it in cold storage, until a "FIX" is in, or create an image of the drive, and password protect it. That way you won't "accidentally" open it and infect your new install.
Backups are a pain, for most people, and I understand all too well about losing your personal files, etc. That's why I learned about backing up, and cold storage, long ago.
Best of luck to you.

P.S. I don't recommend paying the ransom. If you have to, just remember it's a 50/50 chance that you'll get back into your files...aka they may take the money and run.

Emsisoft has a Djvu Decryption page, that you may want to try. It only works for the older variants, but YOU MAY GET LUCKY.
You may also want to look for the program Disk Tuna.
I know it sounds kind of "Fishy" (ba daamp tiss... sad trombone sound) but from their website:
"Freeware video repair / audio repair. Media_Repair will attempt to repair files encrypted by STOP/DJVU ransomware variants by making the non-encrypted part of the file playable again. Media_Repair does not decrypt files. Media_Repair currently supports following video and audio file types:

  • WAV*
  • MP3
  • MP4*
  • M4V*
  • MOV*
  • 3GP*
 

miloboy05

Member
It's my first time being attacked by this ransomware. My laptop has been used by my office mates. They might have installed freeware apps. I really regret letting them use it, and the saddest part is they have installed something without my consent and the files have been corrupted.
 

element4l

Member
Ouch what a lesson, are you using antivirus?
 

miloboy05

Member
> Ouch what a lesson, are you using antivirus?

Currently, while my laptop has been attacked, there is no additional security. I just rely on the built-in Windows Security Microsoft Defender.

I used 360 Security before but haven't installed it yet, and now this.
 

element4l

Member
> Currently, while my laptop has been attacked, there is no additional security. I just rely on the built-in Windows Security Microsoft Defender.

I suggest Kaspersky. It outperforms virtually every other antivirus and this can be seen just by looking for videos of people trying common attacks and comparing it to other antiviruses. It's very effective against ransomware and other things. In fact, I spent some time in a cracking community that made these kinds of viruses, RATs, and other such things, and found out that the people there all hate Kaspersky because it's virtually impossible to get around. Most people just give up when they see Kaspersky. As for Windows Defender, I saw multiple scripts that were able to disable it temporarily or permanently. So based on what I have witnessed hackers do with my own eyes, WD is not enough, even though virtually everyone will tell you it is. Especially if you plan on downloading hacked software.

I know none of this will help recover your files, but you might also want to look into a cloud backup solution if you haven't yet. Backblaze is very cheap and effective and could be used to backup system images, allowing you to roll back 30 days to a year (or forever) depending on how much you're willing to pay.

As for backing up software, I used to use AOMEI but it kept deleting my schedules, so I switched to EaseUS ToDo Backup. It has been working very well so far.
 

GoldenEagle54

Member
@miloboy05, not entirely sure there's anything you can do. I had such an experience once, on both internal and external HDD; fortunately only exe files got infected. Had to delete all my games on the HDD and format my PC.

First things first, having only an antivirus simply isn't enough. You need a wide set of tools like uBlock Origin, a cookie blocker, and such extensions on your laptop. You need to restrict the number of apps having internet access; use software like simple firewall. Both of these are your first line of defense. Next, you might want to have a scanner like Malwarebytes free along with Windows Defender, or my personal suggestion would be to get ESET Endpoint Security, available here in TeamOS, really good and light on resources.
And don't go to unscrupulous sites. If you have to, do know what you're doing. Have uBlock Origin on (certain sites like dropgalaxy demand that you turn it off; avoid them).
 

HGrabowski

Member
I had a similar problem a year ago when I was attacked.
The extension of the encrypted file was .mpaj.
Your encryption has the extension .paas. You probably have an explanation in _readme.txt of how to recover your files (decrypted).
Unfortunately I did not do a cloning and backup.
I had to analyze everything from the beginning: why it happened and what was the weak point in the system.
Since then I've been using Malwarebytes Anti-Malware.
If I test anything, it's in an upgraded virtual machine or a sandbox. I don't believe myself that something seems to be OK.
I also use a firewall overlay from Malwarebytes. Check this.
 

miloboy05

Member
I have a wide range of knowledge now on what I can do. Thanks a lot for all the responses. I must do something now to prevent it from happening again.
 

Gorstak

✅ Verified Member
Member
uhm, I'm a complete noob, but is this somehow connected to paas the haash?
 

Neo23

Member
Hey @miloboy05

Try Kaspersky, especially the PXE version of it. There is also a certain website where you can try different keys. My heart goes out to you mate. Let us know how you get on.
 

dzoslite

Member
> I suggest Kaspersky. It outperforms virtually every other antivirus and this can be seen just by looking for videos of people trying common attacks and comparing it to other antiviruses. It's very effective against ransomware and other things. In fact, I spent some time in a cracking community that made these kinds of viruses, RATs, and other such things, and found out that the people there all hate Kaspersky because it's virtually impossible to get around. Most people just give up when they see Kaspersky. As for Windows Defender, I saw multiple scripts that were able to disable it temporarily or permanently. So based on what I have witnessed hackers do with my own eyes, WD is not enough, even though virtually everyone will tell you it is. Especially if you plan on downloading hacked software.
>
> I know none of this will help recover your files, but you might also want to look into a cloud backup solution if you haven't yet. Backblaze is very cheap and effective and could be used to backup system images, allowing you to roll back 30 days to a year (or forever) depending on how much you're willing to pay.
>
> As for backing up software, I used to use AOMEI but it kept deleting my schedules, so I switched to EaseUS ToDo Backup. It has been working very well so far.

Dear Sir,
I see that you recommend Kaspersky, but it is always heavy for the system.
I am using ESET Endpoint security from TeamOS. Do you have any suggestion about it?
Thank you for your reply.
 

Baronstragen

Uploader
✅ Verified Member
Member
> Dear Sir,
> I see that you recommend Kaspersky, but it is always heavy for the system.
> I am using ESET Endpoint security from TeamOS. Do you have any suggestion about it?
> Thank you for your reply.

I am using Symantec Endpoint Protection. I was using Kaspersky (Free).
Here is how SEP compares to Kaspersky Endpoint Security for Business.
[Image: PngG3E.jpg]

Symantec Endpoint protection is available on this site. Full version.

dzoslite

Member
> I am using Symantec Endpoint Protection. I was using Kaspersky (Free).
> Here is how SEP compares to Kaspersky Endpoint Security for Business.
> [Image: PngG3E.jpg]
>
> Symantec Endpoint protection is available on this site. Full version.

Dear Baronstragen,
Thank you for your quick reply.
Let's say I hated Kaspersky and Symantec :( You recommend me to use them!!!
I am using ESET Endpoint 8 and somehow I feel well protected, but I'm not sure.
Me and a lot of my friends were attacked by ransomware and lost almost all of our data, and we are afraid to go through the same experience again.
 

Baronstragen

Uploader
✅ Verified Member
Member
> Dear Baronstragen,
> Thank you for your quick reply.
> Let's say I hated Kaspersky and Symantec :( You recommend me to use them!!!
> I am using ESET Endpoint 8 and somehow I feel well protected, but I'm not sure.
> Me and a lot of my friends were attacked by ransomware and lost almost all of our data, and we are afraid to go through the same experience again.

I've used ESET Endpoint security. Not as secure as Symantec. If you download the version here it is updatable and it catches everything. Too much, in fact. I had to have it ignore some files.
 

ph4nt0m

D4RK SH4D0W
Power User
✅ Verified Member
Member
Please check PM and revert back to me if it's working, thanks.
 

ragha

Member
Dear, it's really a very sad situation after the ransomware attack: all the files are decrypted and u r just feeling helpless. The same happened to my laptop, infected with cerber 3 a few years back, and till today there is no solution, so I kept my HDD safe. If u have some stuff which is really precious that u can't delete, then keep ur HDD safe and keep trying all the stuff, and replace it with a new one.
 

HGrabowski

Member
The whole mechanism of ransomware is very similar - this group of attackers uses the same mechanisms, and I am very curious whether, in an updated or sandboxed virtual machine or preferably on a separate computer, you can provoke it yourself and cause such an attack on purpose. Probably either something in the browser or one of the files causes it. Please see what price I would have had to pay to recover encrypted data when I was attacked in 2016. See my next post.
 