Ransomware Research

PizzaCrypts Ransomware

PizzaCrypts is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on July 1, 2016, this ransomware has been actively targeting systems worldwide.

Quick Facts

Ransomware Family
PizzaCrypts
First Seen
July 1, 2016

How PizzaCrypts Ransomware Works

Targeted Files

.id-[victim_id]-maestro@pizzacrypts.info 317FKF8LCG90FUIAT.txt on the Desktop (the same contents as Pizzacrypts Info.txt)

File Encryption Patterns

PizzaCrypts modifies encrypted files using specific patterns to mark them as encrypted:

File extensions added after encryption:

._maestro@pizzacrypts.info

Ransom Note and Payment Demands

After encrypting files, PizzaCrypts displays ransom notes demanding payment for file recovery:

filePizzacrypts Info.txt

Ransom message:

notes/Pizzacrypts Info.txt

Note locations:

EveryFolder

Technical Indicators

Associated Executable Files

The following executable files are associated with PizzaCrypts ransomware:

  • SIHClient.exe
  • print.exe
  • lpremove.exe

Elastio Can Help You

Don't let PizzaCrypts ransomware take over your data

Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.

About This Analysis

This PizzaCrypts ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like PizzaCrypts.

Last updated: July 30, 2025

PizzaCrypts Ransomware - Detectable by Elastio