October 12, 2017
A new variant of what appears to be BTCWare ransomware is currently targeting victims and appending the .[email]-id-id.payday extension to encrypted files. This family of ransomware targets its victims by hacking into poorly protected remote desktop services and manually installing the ransomware.
Below is a brief summary of the changes in this new Payday BTCWare ransomware variant.
What's New in the Payday Ransomware BTCWare Variant
According to Michael Gillespie, the creator of ID-Ransomware, this Payday variant uses a new key generation method when encrypting files, and it cannot be cracked. Unfortunately, this means there is no way to decrypt .payday files for free.
A new BleepingComputer forum account named payday_lock, which claims to belong to the developer, has also been posting in the forums.
Post by the Payday Ransomware Dev
Payday Ransomware (BTCWare) Ransom Note
You can see an example of an encrypted folder below.
Folder of Encrypted Payday Files
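The extension template quoted at the top of this article can be used to triage a file listing during incident response. The following is an added example, not code from the article or from ID-Ransomware. It assumes the template ".[email]-id-id.payday" means literal square brackets around the contact e-mail, followed by "-id-" and a victim id. The paths, e-mail address and id in the sample are constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed reading of the article's template ".[email]-id-id.payday":
#   <original name>.[<contact email>]-id-<victim id>.payday
PAYDAY_RE = re.compile(
    r"^(?P<original>.+)\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]-id-(?P<vid>[^.\s]+)\.payday$",
    re.IGNORECASE,
)

def parse_payday_name(path):
    """Return (original_name, email, victim_id), or None if the name does not match."""
    m = PAYDAY_RE.match(PureWindowsPath(path).name)
    if not m:
        return None
    return m.group("original"), m.group("email").lower(), m.group("vid")

def triage(paths):
    """Summarise a file listing: hit count, affected folders, contact e-mails, ids."""
    report = {"hits": 0, "clean": 0, "folders": defaultdict(int),
              "emails": set(), "ids": set()}
    for p in paths:
        parsed = parse_payday_name(p)
        if parsed is None:
            report["clean"] += 1
            continue
        _, email, vid = parsed
        report["hits"] += 1
        report["folders"][str(PureWindowsPath(p).parent)] += 1
        report["emails"].add(email)
        report["ids"].add(vid)
    return report

# Constructed listing, e.g. collected from a file server share.
SAMPLE = [
    r"C:\Shares\Finance\budget.xlsx.[contact@example.invalid]-id-1A2B.payday",
    r"C:\Shares\Finance\q3.docx.[contact@example.invalid]-id-1A2B.payday",
    r"C:\Shares\HR\roster.pdf.[Contact@Example.invalid]-id-1A2B.payday",
    r"C:\Shares\HR\notes.txt",
    r"C:\Shares\HR\payday.schedule.xlsx",  # contains "payday" but is not encrypted
]

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(f"{r['hits']} encrypted, {r['clean']} untouched")
    for folder, count in sorted(r["folders"].items()):
        print(f"  {folder}: {count}")
```

The per-folder counts show how far the encryption reached, and the recovered original names can be matched against backups.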
If any new information or methods to decrypt the files become available, we will be sure to update this article.
Filenames associated with the Payday Ransomware Variant:
Payday BTCWare Ransomware Ransom Note Text:
Emails Associated with the Payday Ransomware: