Payt Ransomware Lists No Specific Ransom Demand

Payt ransomware is the name of a new strain of file-encrypting malware. This new variant does not seem to belong to any particular ransomware family.

Once deployed on a target system, Payt encrypts files on it, scrambling almost every media, document, archive and database extension and file type. Once encrypted, files receive a multi-part new extension that consists of the victim's ID string, the contact email of the ransomware operator, and the ".Payt" string.

This will make a file formerly called "image.jpg" transform into "image.jpg.[victim ID](" upon encryption.

The ransom note is deposited inside a plain text file with the name "ReadthisforDecode.txt". The full contents of the ransom note are as follows:

Your Files Are Has Been Locked

Your Files Has Been Encrypted with cryptography Algorithm

If You Need Your Files And They are Important to You, Dont be shy Send Me an Email

Send Test File + The Key File on Your System (File Exist in C:/ProgramData example : RSAKEY-SE-24r6t523 pr RSAKEY.KEY) to Make Sure Your Files Can be Restored

Get Decryption Tool + RSA Key AND Instruction For Decryption Process


1- Do Not Rename or Modify The Files (You May loose That file)

2- Do Not Try To Use 3rd Party Apps or Recovery Tools ( if You want to do that make an copy from Files and try on them and Waste Your time )

3-Do not Reinstall Operation System(Windows) You may loose the key File and Loose Your Files

Your Case ID :-

OUR Email  

:wesleypeyt at tutanota dot com

in Case of no answer: wesleypeyt at gmail dot com

August 5, 2022