PaySafeGen Ransomware Virus (Removal Steps and Protection Updates)

paysafe-generator-paysafegen-bss-image-1

The PaySafeGen ransomware is an advanced threat that poses as a code generator for Paysafe and has a screenlocking function. Learn how to remove it by following our guide below.


Name
PaySafeGen

File Extensions
.cry_

Special Feature
Screen Lock Function

Ransom
100 Euro

Solution #1
You can skip all steps and remove PaySafeGen with the help of an anti-malware tool.

Solution #2
PaySafeGen ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below.

Distribution
The ransomware is spread mainly through spam email messages and untrusted download sites

PaySafeGen Ransomware Description

The PaySafeGen ransomware is a German threat that has derived its name from the combination of the Payment service provider Paysafe and Generator. Upon infection the virus infects the system components such as the Windows Registry by adding new values in it. This is made to make removal difficult to manage. Another use of the new registry keys is the autolaunch of the Paysafe Generator ransomware upon booting. Some of the confirmed file name extensions include the following:

.doc, .docx, .jpg, .mp3, .pdf, .pngm .txt, .xls, .xlsx

The ransomware note is delivered in German and the malware also has a screenlocking capability. The contents of the ransom note is the following:

!WARNUNG!
ALLE wichtigen Dateien und/oder Programme auf ihrem Computer
wurden mit AES-256 verschlüsselt. Das bedeutet Sie
können ihre Dateien und Programme erst wieder
verwenden wenn Sie sich einen 128-Stelligen
Entschlüsslungscode für 100€ kaufen. Nachdem sich dieses
Fenster geschlossen hat, finden Sie auf ihrem Desktop
eine Datei mit dem Namen “Kaufen” oder “Kaufen.exe”.
Geben Sie dort einen gültigen 100€-Paysafecardcode und
ihre Email ein. Paysafecardcodes finded Sie in fast jeder
Tankstelle und/oder Supermärkten. Nach der Verifizierung
des Codes durch uns bekommen Sie per Email den
Entschlüsslungscode zusammen mit weiteren
Instruktionen, um ihre Dateien zu entschlüsseln.

FALLS INNERHALB DER NÄCHSTEN 72 STUNDEN KEINE
ZAHLUNG ERFOLGT WERDEN ALLE DATEN GELÖSCHT.
Drücken Sie jetzt ENTER um auf
Ihren Desktop zurückzukehren.

A machine translation of the note in English is the following:

!WARNING!
ALL important files and / or programs on your computer
Were encrypted with AES-256. That means you
Can restore their files and programs only again
When you are using a 128-digit
Decryption code for 100 € buy. After this
Window has closed, you will find on their desktop
A file named “Buy” or “Buy.exe”.
Enter a valid 100 € -Paysafecard and
Her email. Paysafecardcodes finded you in almost everyone
Gas station and / or supermarkets. After the verification
Of the code by e – mail
Decryption code along with others
Instructions to decrypt their files.

IF IN THE NEXT 72 HOURS NO
PAYMENT ALL DATA WILL BE DELETED.
Press ENTER to enter
Your desktop.

As the ransomware impersonates a Paysafe code generator the virus triggers a Kaufen program (Buy) where the user has to enter a Paysafe card loaded with 100 Euro and their email to receive the decryption key.

paysafe-generator-paysafegen-bss-image-2

PaySafeGen Ransomware Distribution

The PaySafeGen Ransomware is delivered to users as a counterfeit Paysafe Code Generator. Various malicious ads and browser hijackers may lead to infections with the ransomware.

PaySafeGen Ransomware Removal

For a faster solution, you can run a scan with an advanced malware removal tool and delete PaySafeGen completely with a few mouse clicks.

STEP I: Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they will be removed efficiently.

    1) Hit WIN Key + R

Windows-key-plus-R-button-launch-Run-Box-in-Windows-illustrated

    2) A Run window will appear. In it, write “msconfig” and then press Enter
    3) A Configuration box shall appear. In it Choose the tab named “Boot
    4) Mark “Safe Boot” option and then go to “Network” under it to tick it too
    5) Apply -> OK

Or check our video guide – “How to start PC in Safe Mode with Networking

STEP II: Show Hidden Files

    1) Open My Computer/This PC
    2) Windows 7

      – Click on “Organize” button
      – Select “Folder and search options
      – Select the “View” tab
      – Go under “Hidden files and folders” and mark “Show hidden files and folders” option

    3) Windows 8/ 10

      – Open “View” tab
      – Mark “Hidden items” option

    show-hidden-files-win8-10

    4) Click “Apply” and then “OK” button

STEP III: Enter Windows Task Manager and Stop Malicious Processes

    1) Hit the following key combination: CTRL+SHIFT+ESC
    2) Get over to “Processes
    3) When you find suspicious process right click on it and select “Open File Location
    4) Go back to Task Manager and end the malicious process. Right click on it again and choose “End Process
    5) Next you should go folder where the malicious file is located and delete it

STEP IV: Remove Completely PaySafeGen Ransomware Using SpyHunter Anti-Malware Tool

Manual removal of PaySafeGen requires being familiar with system files and registries. Removal of any important data can lead to permanent system damage. Prevent this troublesome effect – delete PaySafeGen ransomware with SpyHunter malware removal tool.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

STEP V: Repair Windows Registry

    1) Again type simultaneously the Windows Button + R key combination
    2) In the box, write “regedit”(without the inverted commas) and hit Enter
    3) Type the CTRL+F and then write the malicious name in the search type field to locate the malicious executable
    4) In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys

Further help for Windows Registry repair

STEP VI: Recover Encrypted Files

    1) Use present backups
    2) Restore your personal files using File History

      – Hit WIN Key
      – Type “restore your files” in the search box
      – Select “Restore your files with File History
      – Choose a folder or type the name of the file in the search bar

    restore-your-personal-files-using-File-History-bestecuritysearch

      – Hit the “Restore” button

    3) Using System Restore Point

      – Hit WIN Key
      – Select “Open System Restore” and follow the steps

restore-files-using-system-restore-point

STEP VII: Preventive Security Measures

    1) Enable and properly configure your Firewall.
    2) Install and maintain reliable anti-malware software.
    3) Secure your web browser.
    4) Check regularly for available software updates and apply them.
    5) Disable macros in Office documents.
    6) Use strong passwords.
    7) Don’t open attachments or click on links unless you’re certain they’re safe.
    8) Backup regularly your data.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

Was this content helpful?

Avatar

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *