PadCrypt Ransomware

Posted by Max Lehmann on February 18, 2016

What is PadCrypt Ransomware?

PadCrypt Ransomware, also known as PadCrypt 2.0, is a devious computer infection that was created to extort money from you. Anti-Spyware-101.com research team informs that this clandestine infection is an updated clone of CryptoWall and CryptoLocker infections, both of which are unreliable and deserve removal as well. Unfortunately, these threats are incredibly clandestine, and most users miss their chances to eliminate them in time. If this ransomware remains undetected, it can easily encrypt your personal files, which it can do using the AES encryption, after which all of the encrypted files gain the .enc extension. For example, when a file called “photo.jpg” is encrypted by this threat, it is renamed to “photo.jpg.enc”. Of course, this is not the only indication of this threat existing on your operating system. On the contrary, it will inform you about its own existence via a pop-up window, as well as a text file, “IMPORTANT READ ME.TXT”. Although most users will try to remove PadCrypt Ransomware, things are much more complicated than some might expect. test

How does PadCrypt Ransomware work?

The distribution of PadCrypt Ransomware is a complicated process. First, cyber criminals need to retrieve your email address, which, for example, could be leaked by unreliable adware programs. Then, cyber criminals send a spam email with a malicious executable attached to it. The message in this spam email is set up to trick you into opening the attachment, which only proves how careful you need to be when dealing with emails sent by unfamiliar senders or surfing the web in general. According to our research, this malicious ransomware introduces potential victims to a ZIP archive with a file that looks like a regular PDF file. In reality, this PDF file is an executable that, once launched, downloads additional files onto your computer, to the %AppData% directory. The files are downloaded from such Command & Control servers as subzone3.2fh.co, annaflowersweb.com, and cloudnet.online. If these servers are active, the ransomware can download files, send the decryption key making it inaccessible for you, as well as enable the Live Chat function. This function is truly surprising because this is the first ransomware to use it.

PadCrypt ransomware targets all personal files, including documents and pictures, which are usually most vulnerable. More and more computer users choose to back up their personal files using online file hosting systems, or they use external drives. If this is your situation, go ahead and eliminate the unreliable ransomware without wasting another moment. Needless to say, things get more complicated if you cannot retrieve your personal files in any other way than by decrypting them. The solution provided by the ransomware involves you paying a ransom, which is 0.8 BTC. This virtual currency is extremely unstable, but, at the time of research, it converted to ~340 USD. To make things “easier,” the creator of this infection provides users with an alternative payment method which is using Paysafecard and Ukash vouchers. As you might know, this method – just like with Bitcoins – ensures anonymous transaction, which means that cyber criminals can get your money without being traced. Are you thinking about paying this ransom? If you are, make sure you weigh all pros and cons. This might be your only option to retrieve your files, but you must keep in mind that cyber criminals are unpredictable.

How to remove PadCrypt 2.0/PadCrypt Ransomware

The removal of PadCrypt Ransomware is very straightforward. All you need to do is delete an executable file, a folder containing other files, and, of course, the fake PDF file that was used to execute this threat. The creator of this ransomware did not need to spend any time on making sure that this infection circumvents elimination because that does not matter. Even if you delete this ransomware, your files will remain locked, and you will still need to follow the demands of schemers to get the decryption key. All in all, even though you can eliminate this threat manually, we advise investing in reliable anti-malware software instead, and there are at least two reasons to do this. For one, your operating system will be cleared of all threats, and it is possible that others exist on your PC without your notice. Most importantly, your Windows operating system will gain the protection against malware, and that is extremely important.