We just released a new free decryption tool for the Paradise ransomware strain. First detected in September 2017, ID Ransomware reports that it’s still getting submissions to this day. Paradise is actively being distributed and appears to be used as a Ransomware as a Service (RaaS).
Paradise has fifty or more known extensions such as:
Chrysanthemum.jpg_V.0.0.0.1{help@badfail.info}.paradise
Chrysanthemum.jpg_zyJLvg_{defarmx@tutamail.com}.2k19sys
Chrysanthemum.jpg_odLFFK_{immortalsupport@cock.li}.p3rf0rm4
Chrysanthemum.jpg_jfFmkl_{support@p-security.li}.exploit
Chrysanthemum.jpg_wOaUUC_{support@p-security.li}.immortal
Chrysanthemum.jpg_iXcuNs_{petrus34@p-security.li}.sambo
Chrysanthemum.jpg_zbtGvf_{support1prt@cock.li}.prt
Chrysanthemum.jpg_fhskANK_{file@p-security.li}.Recognizer
Chrysanthemum.jpg_Support_{xr2rNX}.FC
Chrysanthemum.jpg_Kim Chin Im_{Jtmv9w}.sev
Most of Paradise’s extensions can be decrypted, but some are still in development. Visit the Emsisoft Decryptions Tools page to verify if the decryptor cannot decrypt your files.
Important: If the decryptor does not work for your files, do not delete them. Archive them so you’re able to unlock them once a decryptor is available.
Sign-up for the Emsisoft newsletter to get notified of new decryptors as soon as they’re released. (Scroll down to the end of this post to fill out the newsletter sign-up form).
You can download the FREE decryption tool linked below. A detailed guide is also included.
Download the Paradise Decryptor here
Emsisoft Decryptor for Paradise
Technical details
Paradise is a strain of ransomware that encrypts victims’ files using Salsa20 and RSA-1024, and appends one of several extensions such as “.paradise”, “2ksys19”, “.p3rf0rm4”, and “.FC”.
The ransomware also creates different variations of ransom notes (“—==%$$$OPEN_ME_UP$$$==—.txt”) and one of them reads:
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$ $$ $$
$$ ╔╗╔╗╔╗╔╗╦╗╦╔╗╔═ $$ █████████████████████████████ $$
$$ ║║╠╣╠╝╠╣║║║╚╗╠═ $$ █─█─███───███───███────████─█ $$
$$ ╠╝║║╠╗║║╩╝╩╚╝╚═ $$ █─█─█████─█████─███─██─███──█ $$
$$ ╔╗╔╗║║╔╗╔╗╔╦╗║╦║╔╗╔╗╔═ $$ █─█─███───███───███─██─████─█ $$
$$ ╠╝╠╣╬║╚╗║║║║║║║║╠╣╠╝╠═ $$ █───█████─█████─███─██─████─█ $$
$$ ╠╗║║║╬╚╝╚╝║║║╚╩╝║║╠╗╚═ $$ ██─██─█───█─█───█─█────█─██─█ $$
$$ $$ █████████████████████████████ $$
$$ $$ $$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
WHAT HAPPENED!
Your important files produced on this computer have been encrypted due a security problem.
If you want to restore then write to the online chat.
Contact!
Online chat: http://prt-recovery.support/chat/6-Support
Your operator: Support
Your personal ID: [redacted]
Enter your ID and e-mail in the chat that you would immediately answered.
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Do not attempt to use the antivirus or uninstall the program.
This will lead to your data loss and unrecoverable.
Decoders of other users is not suitable to decrypt your files – encryption key is unique.
Successful decryption of Paradise ransomware
Download the Paradise Decryptor here
Emsisoft Endpoint Protection: Award-Winning Security Made Simple
Experience effortless next-gen technology. Start Free TrialRegardless of what any of the Paradise ransom notes might say, our decryption tool can help you recover your files for free. Please get in touch with our support team if you have any questions.