Paradise: new ransomware that uses rsa encryption

Ransomware is on its way to becoming the word of the year. So far there have been many variants of this type of attack. Today is the turn of a new one. It's about Paradise. It is a different ransomware, because in this case it uses RSA encryption. Something that makes it especially dangerous.

Paradise: New ransomware using RSA encryption

Paradise is not an especially new ransomware as it has been around for a while. Although until very recently nothing was known. So we see it as something new. In addition, it is gaining more and more presence on the network. And it is a very special rasomware that works in a different way.

How Paradise works

Paradise works as a RaaS (Ransomware as a Service). This means that instead of selling malware, what they do is rent the control server to the highest bidder. So that it can carry out its computer attacks. At the moment it is not known how this ransomware manages to enter the systems. Although it is commented that it is most likely through junk emails. But it can also be with remote desktop sessions.

Once it infects the computer, it runs itself with administrator permissions and generates an RSA-1024 key. With it they encrypt all the data on the hard disk. Encrypts user data and changes the extension to a random character set. It also creates a ransom note for the user.

Since it uses RSA encryption, Paradise is somewhat slow. So if detected early this attack can be stopped. Since it uses many resources. And the security measures are the same as always in this case. Keep the equipment always updated and do not open or download files sent to us in emails from strangers.