I recently got an important clue about how this ransom deal takes place between a victim and these cyber criminals. One reader who became a victim of this ransomware dropped an email to the ransom guy at the address firstname.lastname@example.org to get his files back. This was the response from that guy:
"Transfer into account pay pal 50 dollars here email pay pal email@example.com"
Interestingly, instead of asking for the standard $10 ransom (as mentioned in his earlier message) he asked for $50, typical criminal mentality, isn't it? Unfortunately his greed doesn't end here. This malware instance came bundled in a fake 'SWF video codec' file. Upon execution, this setup file installs three different pieces of malware on the victim's machine, including this ransomware.
Trojan Encoder, the one that encrypts the user's files and asks for a ransom in return.
A password-stealing Trojan that uploads the user's personal information to a remote command and control server (antivirusubdate.no-ip.biz) using an obfuscated protocol on TCP port 3460.
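One way a defender can turn the two indicators above (the C2 host and the TCP port) into a check over connection logs. This is an added example, not code from the original post; the log line format and the sample lines are constructed, and only the host name and port come from the post.

```python
"""Flag outbound connections matching the C2 behaviour described above."""
import re
from dataclasses import dataclass

C2_HOST = "antivirusubdate.no-ip.biz"   # indicator from the post
C2_PORT = 3460                           # indicator from the post
# Dynamic-DNS zone of the C2 host; other hosts under it on the same port
# are worth a second look (assumption: the zone is the useful pivot).
DYNDNS_SUFFIXES = (".no-ip.biz",)

# Constructed log format: "<ts> <src_ip> -> <dst_host>:<dst_port> <proto>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<port>\d+) (?P<proto>\S+)$"
)

@dataclass
class Hit:
    ts: str
    src: str
    dst: str
    port: int
    reason: str

def classify(dst, port):
    """Return a reason string if the connection matches an indicator, else None."""
    host = dst.lower()
    if host == C2_HOST:
        return "known C2 host"
    if port == C2_PORT and host.endswith(DYNDNS_SUFFIXES):
        return "C2 port to dynamic-DNS host"
    return None

def scan(lines):
    """Parse constructed log lines and return the connections that match."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        port = int(m["port"])
        reason = classify(m["dst"], port)
        if reason:
            hits.append(Hit(m["ts"], m["src"], m["dst"], port, reason))
    return hits

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    "T1 192.168.1.20 -> www.example.com:80 tcp",
    "T2 192.168.1.20 -> antivirusubdate.no-ip.biz:3460 tcp",
    "T3 192.168.1.21 -> other-host.no-ip.biz:3460 tcp",
    "T4 192.168.1.22 -> update.example.net:3460 tcp",
    "garbage line",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"{h.ts} {h.src} -> {h.dst}:{h.port}  [{h.reason}]")
```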