What is PYAS Ransomware?
PYAS is a form of malicious software that encrypts files, making them inaccessible and appending the ".PYAS" extension to filenames.
It also drops a "README.txt" file containing a ransom note informing victims that their text documents, images, word processing documents, compressed files, executable files and more have been encrypted. To retrieve the encrypted files, victims are asked to contact the hacker through Discord using the username "mtkiao129#2443".
This indicates that the hacker is not particularly knowledgeable in information security as they have chosen Discord as their primary means of communication with potential victims.
The PYAS ransom note
The "README.txt" file generated by the ransomware contains the following text:
Your files look has been encrypted!
All your files, including text, pictures, word, zip, exe and more, are already encrypted.
If you want to decrypt all files, please use Discord to search for me: mtkiao129#2443,
you will get the decryption
Judging by the language and grammar used in the note, it's safe to assume that the threat actor is also not a native English speaker.
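The indicators described above (the ".PYAS" extension and a "README.txt" note naming the Discord handle) can be used to find affected directories during triage. The following is an added example, not code from the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the article: appended extension, note filename, note text.
PYAS_EXT = ".pyas"
NOTE_NAME = "readme.txt"
NOTE_MARKERS = ("mtkiao129#2443", "files look has been encrypted")


def is_pyas_note(path, max_bytes=4096):
    """Return True if the start of the file contains a marker from the PYAS note."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(max_bytes).decode("utf-8", errors="ignore").lower()
    except OSError:
        return False  # unreadable file: report no match instead of aborting the scan
    return any(marker in head for marker in NOTE_MARKERS)


def scan_for_pyas(root):
    """Walk root and return {directory: {"encrypted": [...], "note": bool}} for hits."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if f.lower().endswith(PYAS_EXT))
        # README.txt is a common filename, so it only counts when its content matches.
        notes = [f for f in files if f.lower() == NOTE_NAME]
        note = any(is_pyas_note(os.path.join(dirpath, f)) for f in notes)
        if encrypted or note:
            findings[dirpath] = {"encrypted": encrypted, "note": note}
    return findings


def build_sample_tree(base):
    """Constructed sample data: one affected directory and one clean directory."""
    hit, clean = os.path.join(base, "docs"), os.path.join(base, "clean")
    os.makedirs(hit)
    os.makedirs(clean)
    for name in ("report.docx.PYAS", "photo.jpg.PYAS"):
        open(os.path.join(hit, name), "wb").close()
    with open(os.path.join(hit, "README.txt"), "w") as fh:
        fh.write("Your files look has been encrypted!\nDiscord: mtkiao129#2443\n")
    with open(os.path.join(clean, "README.txt"), "w") as fh:
        fh.write("Project notes, nothing to see here.\n")
    return hit, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan_for_pyas(tmp))
```

The per-directory result shows how far the encryption reached, which helps decide what to restore from backup.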
How can ransomware like PYAS get on your system?
Ransomware like PYAS can get on your system through malicious links or attachments in emails, downloading files from untrusted sources, visiting malicious websites, and clicking on pop-up ads. It can also be spread through social engineering tactics such as phishing scams. Additionally, ransomware can be installed by exploiting vulnerabilities in outdated software or operating systems.
To protect yourself from ransomware, it is important to keep your software and operating system up to date, use strong passwords and two-factor authentication when possible, avoid clicking on suspicious links or attachments in emails, and only download files from trusted sources.









