Pxj ransomware


Pxj ransomware is crypto-malware that threatens to delete decryption key if victims will not pay a ransom within a week

Pxj ransomware
Pxj ransomware is a type of malware that renders all personal files useless until a ransom is paid for the attackers


Pxj ransomware is a malicious program designed to lock all pictures, videos, music, documents, databases and other personal files on the infected computer. For that, the malware uses a combination of the AES and RSA encryption algorithms, and also appends the .pxj extension to each of the files, restricting access to them. For example, a file “picture.jpg” is turned into “picture.jpg.pxj,” and the original file type icon disappears, leaving a blank one instead.

Upon infiltration, the Pxj virus also drops a ransom note, LOOK.txt – it serves as a message designed to inform users about the infection and what they have to do next. According to the cybercriminals, victims need to contact the hackers via the [email protected] or [email protected] emails and then purchase a decryption tool from them. However, we suggest not trying to fulfil the threat actors’ demands, even though they threaten to permanently remove the Pxj ransomware decryption tool from their servers after seven days – there may be other methods that could help you with data recovery.

Name: Pxj ransomware
Type: File locking virus, crypto-malware
Distribution: Spam email attachments and hyperlinks, software cracks/pirated program installers, fake updates, exploits, etc.
Encryption method: Malware uses RSA + AES ciphers to lock pictures, music, videos, documents and other personal files
File extension: A marker .pxj is appended to every non-system and non-executable file
Main executable: sav.exe
Ransom note: LOOK.txt is dropped into most of the folders, as well as the desktop
Contact: Malicious actors ask users to contact them via the [email protected] or [email protected] email
File recovery: The only secure way to recover encrypted data is by using backups; without them, only the hackers behind the ransomware have the key that can unlock files, although this method is not recommended. We highly suggest you try the alternative data recovery methods listed below
Malware removal: To get rid of ransomware, you need to scan your machine with anti-malware software. In some cases, accessing Safe Mode is required – check the instructions below
System fix: Malware can corrupt certain system files during the infection process. To revert virus damage, use PC repair software Reimage Cleaner

Discovered by a security researcher who uses the pseudonym dnwls0719 at the end of February 2020, Pxj ransomware does not seem to have any connections to other ransomware strains. Its analysis on VirusTotal shows that multiple AV engines detect the threat as follows:[1]

  • Ransom.FileCryptor
  • Trojan:Win32/Genasom!MSR
  • Trojan.Ransom.Genasom
  • Trojan.GenericKD.33369615
  • Win32:Malware-gen
  • A Variant Of Win32/Filecoder.OAU
  • Trojan.Win32.Encoder.hcnyni, etc.

As is evident, most of the AVs detect the executable as a generic malicious file, meaning that it was not present in malware databases and was flagged by heuristic detection.[2] Because of this, it is not exactly clear how the Pxj ransomware virus propagates, but it is highly likely that the malicious actors use a variety of attack vectors, including spam emails, web injects, software cracks, exploits/vulnerabilities, etc.

Once executed, Pxj ransomware creates multiple new folders in the User, Temp, and Desktop folders, and performs the system changes that are needed to ensure a successful data encryption process and malware operation. For example, it deletes Shadow Volume Copies with the command "vssadmin.exe delete shadows /all /quiet" to prevent quick file recovery from the automatic Windows backups.
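The shadow-copy deletion described above is one of the few behaviours of this strain that a defender can alert on before encryption finishes, because the command line is visible in process-creation telemetry. The following Python snippet is an added example, not code from the page or from any vendor: it parses a handful of constructed, Sysmon-style process-creation lines (the field names and the parent-process path under Temp are assumptions for illustration) and flags any command line that deletes shadow copies via vssadmin, while leaving the benign "vssadmin list shadows" alone.

```python
import re

# Constructed sample events in a simplified key=value form modelled on Sysmon
# Event ID 1 (process creation). These are NOT real logs from the infection
# described on the page; the parent path under Temp is an assumption.
SAMPLE_EVENTS = [
    'EventID=1 Image=C:\\Windows\\System32\\vssadmin.exe '
    'ParentImage=C:\\Users\\user\\AppData\\Local\\Temp\\sav.exe '
    'CommandLine="vssadmin.exe delete shadows /all /quiet"',
    'EventID=1 Image=C:\\Windows\\System32\\vssadmin.exe '
    'ParentImage=C:\\Windows\\explorer.exe '
    'CommandLine="vssadmin.exe list shadows"',
    'EventID=1 Image=C:\\Windows\\System32\\notepad.exe '
    'ParentImage=C:\\Windows\\explorer.exe '
    'CommandLine="notepad.exe LOOK.txt"',
    'EventID=1 Image=C:\\Windows\\System32\\cmd.exe '
    'ParentImage=C:\\Users\\user\\AppData\\Local\\Temp\\sav.exe '
    'CommandLine="cmd.exe /c VSSADMIN Delete Shadows /Quiet /All"',
]

# key=value pairs; values may be quoted (and then contain spaces) or bare.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

# Match vssadmin deleting shadow copies regardless of case, ".exe" suffix or
# the order of the /all and /quiet switches that follow.
SHADOW_DELETE_RE = re.compile(r'vssadmin(\.exe)?\s+delete\s+shadows\b', re.IGNORECASE)


def parse_event(line: str) -> dict:
    """Turn one key=value event line into a dict of field -> value."""
    fields = {}
    for m in FIELD_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def is_shadow_copy_deletion(command_line: str) -> bool:
    """True when the command line deletes Volume Shadow Copies via vssadmin."""
    return bool(SHADOW_DELETE_RE.search(command_line))


def detect_shadow_deletion(lines) -> list:
    """Return one finding per event whose command line deletes shadow copies.

    The parent image is kept because a vssadmin deletion spawned from a user's
    Temp directory (rather than from an admin console) is the strong signal.
    """
    findings = []
    for line in lines:
        event = parse_event(line)
        cmd = event.get("CommandLine", "")
        if is_shadow_copy_deletion(cmd):
            findings.append({
                "parent": event.get("ParentImage", ""),
                "image": event.get("Image", ""),
                "command": cmd,
            })
    return findings


if __name__ == "__main__":
    for hit in detect_shadow_deletion(SAMPLE_EVENTS):
        print(f"ALERT shadow copies deleted: parent={hit['parent']} cmd={hit['command']}")
```

Running the script flags the two deletion events (the direct vssadmin call and the one wrapped in cmd.exe) and ignores the listing and the notepad launch. In a real deployment the same logic would sit in a SIEM rule over Sysmon Event ID 1 or Windows Security event 4688 with command-line auditing enabled; alerting on this is worthwhile because legitimate shadow-copy deletion is rare and almost never originates from a binary in a user's Temp folder.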

Pxj ransomware virus
Pxj ransomware is a file locking virus that uses RSA + AES encryption algorithms to encrypt data on the host machine


Once the preparations are complete, Pxj ransomware encrypts the most commonly used file types in order to maximize the damage caused to the victim. After the encryption, users see the following ransom note, “LOOK.txt,” which is opened automatically:

Hello.

All your files like photos, databases, videos, documents and other importants are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.

Guarantee:
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only one for free. File must not contain valuable information.

If you do not contact us within 3 days, the price will double every day.
And if you do not get in touch for a week, your files will be lost forever.

Our mail address:
[email protected]

Reserved mail address:
[email protected]

While we stand by the statement that paying the ransom to cybercriminals might be a huge mistake, it is also true that deciphering the encrypted files requires a unique key that the attackers store on a remote server. In other words, only the Pxj ransomware developers have the key that can unlock the data on your device. Nevertheless, some alternative methods are worth checking out – we provide all the details below, although keep in mind that there is no guarantee that they will be effective when trying to decrypt Pxj ransomware-locked files.

Before you attempt that, you should make a copy of all your important files that were encrypted, as any kind of modification may permanently damage them, and then even a working Pxj ransomware decryption tool will not be able to recover the data.
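The two practical points made so far, that the malware marks its output with a .pxj suffix appended after the original extension (so "picture.jpg" becomes "picture.jpg.pxj") and drops LOOK.txt into affected folders, and that encrypted files must be copied before any recovery attempt, can be turned into a small triage script. The Python below is an added example, not a tool from the page or from 2-spyware.com: it builds a constructed sample directory tree, inventories encrypted files and ransom notes, recovers the original file names from the suffix, and copies the encrypted files into an evidence directory with the same layout, verifying every copy by SHA-256 so the originals are only ever read.

```python
import hashlib
import shutil
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".pxj"   # extension appended by the malware, per the page
RANSOM_NOTE = "LOOK.txt"    # ransom note file name, per the page


def build_sample_tree(root: Path) -> None:
    """Constructed sample victim tree; file contents are placeholders, not real ciphertext."""
    (root / "Documents").mkdir(parents=True)
    (root / "Pictures" / "2019").mkdir(parents=True)
    (root / "Documents" / "report.docx.pxj").write_bytes(b"\x00ciphertext placeholder\x01")
    (root / "Pictures" / "2019" / "picture.jpg.pxj").write_bytes(b"\x02ciphertext placeholder\x03")
    (root / "Pictures" / "untouched.png").write_bytes(b"\x89PNG placeholder")
    (root / "Documents" / RANSOM_NOTE).write_text("Hello.\n")
    (root / "Pictures" / RANSOM_NOTE).write_text("Hello.\n")


def original_name(path: Path) -> str:
    """'picture.jpg.pxj' -> 'picture.jpg': the malware appends, it does not replace."""
    name = path.name
    if name.lower().endswith(ENCRYPTED_SUFFIX):
        return name[: -len(ENCRYPTED_SUFFIX)]
    return name


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(root: Path) -> dict:
    """Find encrypted files and ransom notes under root; read-only."""
    encrypted, notes = [], []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        if p.suffix.lower() == ENCRYPTED_SUFFIX:
            encrypted.append(p)
        elif p.name == RANSOM_NOTE:
            notes.append(p)
    # Which original file types were hit, derived from the recovered names.
    types = Counter(Path(original_name(p)).suffix.lower() for p in encrypted)
    return {"encrypted": sorted(encrypted), "notes": sorted(notes), "types": dict(types)}


def preserve_copies(root: Path, dest: Path) -> dict:
    """Copy every encrypted file to dest, mirroring the directory layout,
    and verify each copy by hash. Originals are never modified."""
    inv = inventory(root)
    copied, mismatched = 0, []
    for src in inv["encrypted"]:
        rel = src.relative_to(root)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)          # copy2 keeps timestamps, useful for timelines
        if sha256_file(src) == sha256_file(target):
            copied += 1
        else:
            mismatched.append(str(rel))
    return {
        "encrypted_found": len(inv["encrypted"]),
        "notes_found": len(inv["notes"]),
        "types": inv["types"],
        "copied": copied,
        "mismatched": mismatched,
    }


def demo() -> dict:
    """Run the whole flow against the constructed tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "victim"
        dest = Path(tmp) / "evidence"
        build_sample_tree(root)
        return preserve_copies(root, dest)


if __name__ == "__main__":
    print(demo())
```

On a real machine you would point `preserve_copies` at the user's profile and at an external drive, and keep the hash list from the evidence copy: it lets you prove later that a recovery attempt did not alter the originals, and the ransom-note locations give a quick map of which directories the malware actually walked.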

After you copy the files, it is equally important to perform comprehensive Pxj ransomware removal by using a reputable anti-malware tool. Many people get confused when they deal with a ransomware infection and wrongly believe that its removal will restore the encrypted files. That is not possible, as security software is not designed for such purposes. What is possible, however, is repairing the Windows operating system and ensuring its stability – we advise using Reimage Cleaner for that.

Ransomware intrusion prevention methods

Malicious actors behind ransomware choose this malware type because it is extremely lucrative, and while not all victims pay ransoms, those that do are enough to make it worthwhile. Many developers/distributors also employ the ransomware-as-a-service scheme to make the malware more prevalent, or go “big game hunting” – attacking high-profile corporations, businesses, and cities to extort a large sum of money from a single attack.[3]

Unfortunately, security researchers have also observed a particularly alarming trend among ransomware developers – they threaten to publish the information they collected during the attack.[4] As a result, ransomware can not only leave victims without file access but also compromise their personal safety by selling the data on the underground hacking forums.

Pxj ransomware encrypted files
Once Pxj ransomware encrypts data, it loses its icons and is no longer accessible – it requires a unique key that is stored by the attackers on a remote server


Therefore, it is imperative to ensure that ransomware does not enter the computer and/or its connected networks in the first place – precautionary measures should be used for that. As a home user, you should apply the following practices to reduce the infection risk to a minimum:

  • Install comprehensive security software with real-time protection feature;
  • Update your operating system and the installed applications as soon as security patches are released;
  • Protect all your accounts with alphanumeric passwords and never reuse them;
  • Do not open spam email attachments that ask you to enable macro function;
  • Never download software cracks/keygens or pirated program installers.

Additionally, by regularly backing up your most important files, you can substantially reduce the impact of a ransomware infection.

Remove Pxj ransomware and only then attempt file recovery

For those who are facing the Pxj virus (or any ransomware) for the first time, the course of action can be confusing, as many questions arise. For example, “should I pay for the decryption tool?” or “can I recover my files for free?”. As previously mentioned, paying cybercriminals is not a good idea and should only be considered if absolutely necessary – it can result in monetary loss. First, we suggest you make copies of the encrypted files, remove Pxj ransomware, and then try the alternative recovery methods listed below.

For Pxj ransomware removal, you should employ powerful anti-malware software that can delete all the malicious files on your system. Note that some ransomware viruses self-delete after encrypting files, so there may be nothing left to eliminate afterwards. Nevertheless, we highly suggest scanning the machine with multiple AVs to ensure that the malware is gone.

Reimage Cleaner has a free limited scanner. Reimage Cleaner offers a more thorough scan when you purchase its full version. When the free scanner detects issues, you can fix them using free manual repairs, or you can decide to purchase the full version in order to fix them automatically.

Remove Pxj using Safe Mode with Networking

In case Pxj ransomware is tampering with your security software, you should access Safe Mode with Networking and perform the scan from there:

  • Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 repeatedly until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

  • Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.

  • Log in to your infected account and start the browser. Download Reimage Cleaner or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to the ransomware to complete Pxj removal.

If the ransomware is blocking Safe Mode with Networking, try the next method.

Remove Pxj using System Restore

System Restore might be successful when trying to eliminate the infection as well:

Bonus: Recover your data

The guide presented above is supposed to help you remove Pxj from your computer. To recover your encrypted files, we recommend using the detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Pxj, you can use several methods to restore them:

Data Recovery Pro software might be what you need

If you used your computer very little after the infection, there is a chance that at least some of your data can be restored by Data Recovery Pro.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Pxj ransomware;
  • Restore them.

Make use of Windows Previous Version feature

This method can only be applied if you have an active System Restore point prepared, although restore points can sometimes also be deleted by the ransomware.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

In some cases, ShadowExplorer might be able to recover all .pxj files

If Shadow Volume Copies were not deleted by the virus, you can use ShadowExplorer to recover your files.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and use the drop-down menu in the top left corner to select the disk holding your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

No decryption tool is currently available

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from Pxj and other ransomware, use a reputable anti-spyware tool such as Reimage Cleaner, SpyHunter 5, Combo Cleaner or Malwarebytes.

This entry was posted on 2020-03-04 at 04:40 and is filed under Ransomware, Viruses.