How to Remove Pay2Decrypt Ransomware
Pay2Decrypt is the name of a new strain of ransomware, spotted in the wild only recently. It does not seem to belong to any broader family of ransomware clones.
The ransomware behaves like most other variants of file-encrypting malware: it scrambles files on the victim system and makes them unreadable. This includes media, document, archive and database file types. Each encrypted file receives a long new extension appended to its name. The extension consists of the string ".PAY2DECRYPT", followed by a string of 22 alphanumeric characters with mixed-case letters.
This means that a file originally called "document.txt" may become something like "document.txt.PAY2DECRYPTj87Y5Trf96PmkI743Hj01n".
To really drive home the point that your files have been encrypted, the ransomware drops no fewer than one hundred plain text files containing its ransom note, all of them dumped on the desktop and named "Pay2Decrypt1.txt" through "Pay2Decrypt100.txt".
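The two naming patterns described above can be used to gauge how far the encryption spread on a disk or a mounted backup. The following Python script is an added example, not part of the original article or of any vendor tool: it matches file names only, and its function names and sample file names are constructed for illustration (only the "document.txt" name comes from the article).

```python
import os
import re
import sys
import tempfile

# Naming scheme described above: "<original name>.PAY2DECRYPT" + 22 mixed-case alphanumerics.
ENCRYPTED_RE = re.compile(r"(?P<original>.+)\.PAY2DECRYPT(?P<suffix>[A-Za-z0-9]{22})")
# Ransom notes "Pay2Decrypt1.txt" through "Pay2Decrypt100.txt".
NOTE_RE = re.compile(r"Pay2Decrypt(?P<n>[1-9][0-9]{0,2})\.txt")

def classify(name):
    """Return ("encrypted", original_name), ("note", index) or None for one file name."""
    m = ENCRYPTED_RE.fullmatch(name)
    if m:
        return ("encrypted", m.group("original"))
    m = NOTE_RE.fullmatch(name)
    if m and int(m.group("n")) <= 100:
        return ("note", int(m.group("n")))
    return None

def scan(root):
    """Walk root by file name only (no file is opened) and collect matches."""
    report = {"encrypted": [], "notes": [], "suffixes": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            hit = classify(name)
            if hit and hit[0] == "encrypted":
                report["encrypted"].append((os.path.join(dirpath, name), hit[1]))
                report["suffixes"].add(name[-22:])  # per file or per host? the article does not say
            elif hit:
                report["notes"].append(os.path.join(dirpath, name))
    return report

def demo():
    """Scan a throwaway directory of constructed file names (sample data)."""
    names = ["document.txt.PAY2DECRYPTj87Y5Trf96PmkI743Hj01n",  # example name from the article
             "photo.jpg.PAY2DECRYPTj87Y5Trf96PmkI743Hj01n",
             "Pay2Decrypt1.txt", "Pay2Decrypt100.txt", "report.docx",
             "Pay2Decrypt101.txt",     # outside 1..100: ignored
             "notes.PAY2DECRYPT.txt"]  # marker without the 22-character suffix: ignored
    with tempfile.TemporaryDirectory() as root:
        for n in names:
            open(os.path.join(root, n), "w").close()
        return scan(root)

if __name__ == "__main__":
    r = scan(sys.argv[1]) if len(sys.argv) > 1 else demo()
    print(f"{len(r['encrypted'])} encrypted, {len(r['notes'])} notes, {len(r['suffixes'])} suffixes")
```

Run it with a directory path as the only argument to scan that tree; with no argument it scans the constructed sample set.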
The full text of the ransom notes goes as follows:
Ooops! Your files was been encrypted!!!!!!.
You can recover your files securely with our decryptor.
Send us an email to P2DqZHMg28A265z at postheo dot de (or to P2DoTJ6L16H1q7a at mail dot a1 dot wtf) to recover your files
Ask for Hynn and he will send his wallet (thank you Hynn) and the pay amount, this may vary from 0.0002 to 0.2 BTC
Hynn will rate your case (being friendly increases your chance to send you the decryptor free!) and
then he will send you more information.
You need to send your ID to send you the correct personalized decryptor.
ID: