'PacMan' Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 100 % (High) |
Infected Computers: | 17 |
First Seen: | March 26, 2015 |
Last Seen: | January 21, 2022 |
OS(es) Affected: | Windows |
The 'PacMan' Ransomware is a threat that is used to take money from the victims of this threat. The 'PacMan' Ransomware infection has been used to target Danish chiropractors through the use of highly specific phishing. The 'PacMan' Ransomware will stop legitimate Windows services and utilities from running on an affected computer. The 'PacMan' Ransomware is a variant of cryto-malware or ransomware infections that encrypt victims' files, effectively keeping the PC user's files unusable until a ransom is paid in exchange for the decryption key. The 'PacMan' Ransomware receives its name because the threat's creator goes by the nickname 'Pac Man' online.
How the 'PacMan' Ransomware is Spread
The 'PacMan' Ransomware is distributed using phishing email messages with advanced social engineering. The 'PacMan' Ransomware phishing emails contain an embedded link to a Dropbox file. This file contains the 'PacMan' Ransomware infection, installing it on the victim's computer when the link is clicked. Unlike many other similar ransomware threats, the 'PacMan' Ransomware does not only encrypt the victim's files; the 'PacMan' Ransomware has the capability to log keystrokes on the victim's computer (potentially collecting data), and interfere with the affected computer's settings.
Analyzing the 'PacMan' Ransomware Attack
As soon as the 'PacMan' Ransomware runs on the victim's computer, the 'PacMan' Ransomware will start encrypting files on the victim's computer that could contain important information. The 'PacMan' Ransomware may target Microsoft Office documents, image files, video game savers, database files and other types of documents. As soon as the 'PacMan' Ransomware finishes encrypting the victim's files, the 'PacMan' Ransomware will display the ransom message on the victim's Desktop. The 'PacMan' Ransomware is much more aggressive when it comes to paying the ransom than other similar threats. The 'PacMan' Ransomware is clear, if the ransom is not paid within 24 hours, then the files will remain encrypted. Unfortunately, decryption of the affected files is impossible without the encryption key. Because of this, the best ways of protecting oneself from the 'PacMan' Ransomware is to back up all sensitive files and to prevent threat attacks through the use of safe browsing procedures and strong security software and protocols.
The 'PacMan' Ransomware's Features and Capability
Malware analysts have analyzed the 'PacMan' Ransomware and have observed that this threat is developed in .NET. PC security analysts have also noticed an interesting development: the 'PacMan' Ransomware has keylogging capabilities. Apart from its encryption and keylogging capabilities, the 'PacMan' Ransomware will terminate certain Windows utilities, including Task Manager, Registry Editor, Terminal, PowerShell, System Restore, Windows Backup and Msconfig. These tools could potentially be used to remove the 'PacMan' Ransomware from an affected computer or to detect or stop its attack.
Potential Sources of the 'PacMan' Ransomware Attack
Malware analysts suspect that the creator of the 'PacMan' Ransomware is quite likely from Denmark. The messages that are associated with the 'PacMan' Ransomware are written in flawless Danish and use a social engineering approach to attacking inexperienced computer users. Most importantly, the 'PacMan' Ransomware attacks are highly targeted, meaning that targets are carefully selected rather than casting a wide net. PC security researchers have been alarmed at the skill behind the 'PacMan' Ransomware attack, making it likely that the perpetrators of this attack present a high risk for additional attacks. While the 'PacMan' Ransomware itself is fairly standard, the social engineering approach that underlies the 'PacMan' Ransomware attack means that this may be part of a larger campaign to target other vulnerable parties in Denmark. The effective attack on Danish chiropractors makes it highly likely that other businesses and private individuals in Denmark could fall for the same tactic. Because of this, malware analysts warn computer users in Denmark against phishing attacks that could be used to distribute the 'PacMan' Ransomware.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.