Ransomware Research

Parasite Ransomware

Parasite is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on January 1, 2021, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: SharpCrypter, Paralock.

Quick Facts

Ransomware Family
Parasite
First Seen
January 1, 2021
Known Aliases
SharpCrypterParalock

How Parasite Ransomware Works

Targeted Files

8d2f2ee24882afe11f50e3d6d9400e35fa66724b321cb9f5a246baf63cbc1788 -> destroys files (.betarasite) 98eb1b7b7ba17e72f08da1f627e7b56edf55356876e266c7eaff616cf041f925 -> need param "rsa" to work

File Encryption Patterns

Parasite modifies encrypted files using specific patterns to mark them as encrypted:

File extensions added after encryption:

..parasite..betarasite..paras1te..paralock..arazite..RansomTrojanLock..jpghosts..phantom..0x0M4R

Ransom Note and Payment Demands

After encrypting files, Parasite displays ransom notes demanding payment for file recovery:

file@READ_ME_FILE_ENCRYPTED@.html

Ransom message:

notes/@READ_ME_FILE_ENCRYPTED@.html

Note locations:

UserFolders
fileinfo.hta

Ransom message:

notes/info.hta

Note locations:

UserFolders
fileHOW_CAN_GET_FILES_BACK.txt

Ransom message:

notes/HOW_CAN_GET_FILES_BACK.txt

Note locations:

RootDiscs
file___RECOVER__FILES__.RansomTrojanLock.txt

Ransom message:

notes/___RECOVER__FILES__.RansomTrojanLock.txt
fileHOW_CAN_GET_FILES_BACK.rtf

Ransom message:

notes/HOW_CAN_GET_FILES_BACK.rtf

Note locations:

RootDiscs

Technical Indicators

Associated Executable Files

The following executable files are associated with Parasite ransomware:

  • pdjfs.exe
  • prs.exe
  • Adobe Reader.exe
  • 98561.exe
  • svchost.exe
  • X.exe
  • X.bin
  • speedo.exe
  • x65454.exe
  • jjlylwvw.exe
  • ___________.exe
  • 有和人这中大为上个国.exe
  • 1.exe
  • $.exe
  • 1.bin.exe
  • ngg0to4u.exe
  • SchoolPrject1.exe
  • Ghost.exe
  • Jpghosts.log
  • TaskHost.exe
  • 98561.exe

Elastio Can Help You

Don't let Parasite ransomware take over your data

Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.

About This Analysis

This Parasite ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Parasite.

Last updated: July 30, 2025