PaySafeGen Ransomware Data Recovery

PaySafeGen is a ransomware virus that was first spotted in the wild in early May 2017. This virus is notable for being one of the first to use the new PaySafe payment method, which allows victims to pay the ransom using PaySafe cards instead of Bitcoin or another cryptocurrency. PaySafeGen is a very dangerous virus, as it will encrypt your personal files and demand a ransom be paid in order to decrypt them.

Once PaySafeGen is installed on your computer, it will scan your hard drive for personal files and then encrypt them. PaySafeGen is known to target the following file types: .doc, .docx, .xls, .xlsx, .ppt, .pptx, .pdf, .jpg, and .png. PaySafeGen will then display a ransom note that demands you pay a ransom. This virus should be removed from your computer as soon as possible.

Distribution method: PaySafeGen is distributed via email attachments and malicious websites.

Encryption algorithm: PaySafeGen uses the AES-256 encryption algorithm to encrypt victims’ files.

File extension: PaySafeGen will append either the .locked or .paysafegen extension to the end of each encrypted file.

Ransom amount: PaySafeGen typically demands between $100 and $500. But the amount can be much higher depending on the number of files encrypted.

Payment method: PaySafeGen accepts PaySafe cards as payment for the ransom. PaySafe cards can be purchased from various retailers, such as 7-Eleven, Best Buy, and CVS.

Ransom note: PaySafeGen’s ransom note is titled “YOUR FILES ARE LOCKED”. In the note, PaySafeGen instructs victims to purchase PaySafe cards from a nearby store and then email the codes to a provided email address. PaySafeGen also provides instructions on how to download and install the PaySafe card reader.

Protection:

To protect your computer from PaySafeGen and other ransomware viruses, you should do some basic security measures:

• Use a reliable anti-virus program
• Do not open email attachments from an unknown sender
• Do not click on links in emails from an unknown sender
• Backup your important files regularly

What should you do?

If you are infected with PaySafeGen, you should take the following steps:

• Do not pay the ransom! Paying the ransom does not guarantee that your files will be decrypted.
• Remove PaySafeGen from your computer using a reliable anti-virus program.
• Restore your personal files from a backup, if you have one. If you do not have a backup, you may be able to use a data recovery program. SalvageData data recovery software can recover files encrypted by PaySafeGen.

Public decryption tool: There is currently no public decryption tool available for PaySafeGen.

Contact a data recovery service: PaySafeGen should be removed from your computer by a professional data recovery service.

SalvageData Recovery Services: If attackers infected you with PaySafeGen, we recommend that you contact our data recovery experts. We have successfully recovered data from PaySafeGen infections and can help you get your data back. Our success rate is among the highest in the industry and our prices are very competitive. SalvageData Recovery Services are available 24/7 and our team is standing by to help you.