Malware News Paradise Ransomware Uses RSA Encryption to Encrypt Your Files

[Solarquest]

Today, a victim of a new ransomware called Paradise posted in the BleepingComputer.com forums and uploaded a sample so we could take a look at it. While this ransomware is not revolutionary by any means, since it is in active distribution and a Ransomware as a Service (RaaS), I thought I would provide a brief analysis of how this ransomware works.

Unfortunately, the Paradise Ransomware is not decryptable without paying the ransom and affected users should attempt to recover files via alternate methods. To receive help or discuss this ransomware, you can use the dedicated Paradise Ransomware Support Topic.

Paradise Ransomware may be a Ransomware as a Service (RaaS)
....

 

[Solarquest]

VirusTotal

 

[Maliek]

It attacks local files first then share drives, then drops the ransom note when finished. It is stupid slow, because it directly encrypts files with RSA-1024. It generates an RSA key per victim, then encrypts that with a public key it has embedded.