Clicky

 

What is .sell File Extension ransomware? And how does it carry out its attack?

.sell File Extension ransomware is a new variant of the infamous Paradise ransomware. Just like its previous version, this new variant is being offered as ransomware-as-a-service or RaaS. According to researchers, the activity of this ransomware is still quite low so it isn’t widely spread yet.
.sell File Extension ransomware begins to carry out its attack by dropping several malicious files in the infected computer. After it creates additional files, this ransomware might mess with the key system Windows files that could allow it to run files and scripts as an administrator. .sell File Extension ransomware, the same with its predecessor, also makes use of the RSA 2048 encryption algorithm in locking its targeted files. After it encrypts files, it makes its presence known by creating a ransom note named #DECRYPT MY FILES# which shows the following content:
“Your files are encrypted!
Paradise Ransomware Team!
Your personal ID
[redacted] Your personal KEY
WHAT HAPPENED!
Your important files produced on this computer have been encrypted due to a security problem.
If you want to restore them, write to us by email.
You have to pay for decryption of Bitcoins. The price depends on how fast you write to us.
After payment, we will send you the decryption tool that will decrypt all your files.
FREE DECRYPTION AS GUARANTEE!
Before payment, you can send us 1-3 files for free decryption.
Please note that files must NOT contain valuable information.
The file size should not exceed 1MB.
As evidence, we can decrypt one file
HOW TO OBTAIN BITCOINS!
The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller by payment method and price
https://localbitcoins.com/buy_bitcoins/
Also, you can find other places to buy Bitcoins and beginners guide here:
http://www.coindesk.com/information/how-can-i-buy-bitcoins/
write to Google how to buy Bitcoin in your country?
Contact!
e-mail:
or
e-mail:
Attention!
Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
You are guaranteed to get the decryptor after payment
As evidence, we can decrypt one file
Do not attempt to use the antivirus or uninstall the program
This will lead to your data loss and unrecoverable
Decoders of other users are not suitable to decrypt your files – encryption key is unique”
Moreover, this Paradise ransomware variant might also delete the shadow volume copies of the encrypted files to make it hard for victims to recover their important files. Nevertheless, paying the ransom is not recommended as these cybercrooks can’t be trusted.
How does .sell File Extension ransomware disseminate its malicious payload?
This new Paradise ransomware variant disseminates its malicious payload through spam emails. Usually, these kinds of malware-laden emails are disguised as legitimate emails that urge users to download the corrupted attachment. The attachment may be a document containing macro scripts used to install .sell File Extension ransomware into the targeted system. To prevent this from happening again, the moment you see a suspicious email in your inbox, you need to erase it right away – chances are it might be the one sent by cyber crooks to infect your computer with threats like Paradise ransomware.
Eliminate .sell File Extension ransomware from your system with the help of the removal instructions below.
Step 1: Open Windows Task Manager by pressing Ctrl + Shift + Esc at the same time.

Step 2: Go to both the Application and Processes tabs and look for any suspicious applications and processes affiliated to .sell File Extension ransomware and then kill them.

Step 3: Open Control Panel by pressing the Windows key + R, then type in appwiz.cpl and then click OK or press Enter.

Step 4: Look for Paradise ransomware or any suspicious program and then uninstall it/them.

Step 5: Hold down Windows + E keys simultaneously to open File Explorer.
Step 6: Navigate to the following directories:

  • %USERPROFILE%\Desktop
  • %USERPROFILE%\AppData\Local\Temp
  • %USERPROFILE%\downloads
  • %TEMP%

Step 7: Look for the following malicious files created by the ransomware and delete them all and then close the File Explorer.

  • #DECRYPT MY FILES#.txt
  • #Decrypt My Files#.txt

Before you proceed to the next steps below, make sure that you are tech savvy enough to the point where you know exactly how to use and navigate your computer’s Registry. Keep in mind that any changes you make will highly impact your computer. To save you the trouble and time, you can just use PC Cleaner Pro, this system tool is proven to be safe and excellent enough that hackers won’t be able to hack into it. But if you can manage Windows Registry well, then, by all means, go on to the next steps.
Step 8: Tap Win + R to open Run and then type in regedit in the field and tap enter to pull up Windows Registry.

Step 9: Navigate to the following paths:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization
  • HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveTimeOut
  • HKEY_CURRENT_USER\Control Panel\Desktop

Step 10: Under the paths listed above, look for registry values created by .sell File Extension ransomware and delete it.
Step 11: Close the Registry Editor
Step 12: Empty all the contents of Recycle Bin.
Ensure the removal of .sell File Extension ransomware forms your computer, to do so, follow the advanced removal guide below.
Perform a full system scan using SpyRemover Pro. To do so, follow these steps:

  1. Turn on your computer. If it’s already on, you have to reboot
  2. After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.

  1. To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
  2. Windows will now load the SafeMode with Networking.
  3. Press and hold both R key and Windows key.

  1. If done correctly, the Windows Run Box will show up.
  2. Type in explorer http://www.fixmypcfree.com/install/spyremoverpro

A single space must be in between explorer and http. Click OK.

  1. A dialog box will be displayed by Internet Explorer. Click Run to begin downloading the program. The installation will start automatically once a download is done.

  1. Click OK to launch it.
  2. Run SpyRemover Pro and perform a full system scan.

  1. After all the infections are identified, click REMOVE ALL.

  1. Register the program to protect your computer from future threats.
logo main menu

Copyright © 2024, FixMyPcFree. All Rights Reserved Trademarks: Microsoft Windows logos are registered trademarks of Microsoft. Disclaimer: FixMyPcFree.com is not affiliated with Microsoft, nor claim direct affiliation. The information on this page is provided for information purposes only.

DMCA.com Protection Status

Log in with your credentials

Forgot your details?