PadCrypt Ransomware Description
The PadCrypt Ransomware is a ransomware Trojan that has a new 'feature': the PadCrypt Ransomware allows its victims to receive live 'support' via a chat window. Ransomware infections have become gradually more sophisticated over the years. Considering the large amounts of money that are generated from infections like the PadCrypt Ransomware, it is not surprising that con artists are starting to build more advanced features into their threats to increase the potential revenue from ransom payments. The PadCrypt Ransomware and its variants not only provide a live support chat window; they also include an uninstaller feature!
The PadCrypt Ransomware May Be a Descendant of the CryptoWall Family
PC security analysts believe that the PadCrypt Ransomware was created by building on the code of an older threat from the well-known CryptoWall family of ransomware Trojans. The PadCrypt Ransomware may spread using corrupted PDF email attachments, although it is still unclear exactly what email message tactics have been associated with the PadCrypt Ransomware. Corrupted email messages associated with the PadCrypt Ransomware may include an executable file that has been zipped and disguised to look like a PDF file. Once the compromised 'PDF' file is opened, the PadCrypt Ransomware infects the victim's computer, encrypting files on the infected hard drive, deleting Shadow Volume copies of encrypted files, and blocking any potential system restore or recovery options from functioning. Once the PadCrypt Ransomware has completed its attacks, the victim can only restore the files from a backup stored in an external location, or pay the ransom amount that the PadCrypt Ransomware demands.
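The disguise described above (a zipped executable made to look like a PDF) can be checked for before an attachment reaches a user. The following is an added example, not part of the original article: it compares each zip entry's name with its first bytes. The extension list, the file names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumption: a short, non-exhaustive list of directly executable extensions.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}
RTLO = "\u202e"  # right-to-left override, visually reverses part of a file name


def inspect_zip_attachment(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) pairs for entries that pose as documents but are executables."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            lowered = name.lower().rstrip(". ")  # Windows drops trailing dots and spaces
            ext = "." + lowered.rsplit(".", 1)[-1] if "." in lowered else ""
            with archive.open(info) as member:
                is_pe = member.read(2) == b"MZ"  # DOS/PE header of a Windows executable
            if RTLO in name:
                findings.append((name, "right-to-left override in file name"))
            elif ext in EXECUTABLE_EXTS and ".pdf" in lowered:
                findings.append((name, "executable extension behind a PDF-looking name"))
            elif ext == ".pdf" and is_pe:
                findings.append((name, "PDF extension but Windows executable (MZ) header"))
            elif is_pe and ext not in EXECUTABLE_EXTS:
                findings.append((name, "Windows executable (MZ) header under an unexpected extension"))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive; entry contents are harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("report.pdf", b"%PDF-1.4\n% constructed sample\n")
        archive.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 62)
        archive.writestr("statement.pdf", b"MZ" + b"\x00" * 62)
        archive.writestr("notes.txt", b"constructed sample text\n")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in inspect_zip_attachment(build_sample_zip()):
        print(f"{entry}: {reason}")
```

A mail gateway or triage script can quarantine any attachment for which this function returns a non-empty list.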
The PadCrypt Ransomware Allows Victims to Chat with Its Operators
The PadCrypt Ransomware demands the ransom by dropping image, text, and HTML files in the directories where it has encrypted files. The PadCrypt Ransomware will also display pop-up windows containing the ransom message, which requests the payment of 0.8 Bitcoin (averaging about $350, depending on the current Bitcoin exchange rate, which can fluctuate substantially). The PadCrypt Ransomware pop-up window has caught the attention of PC security researchers because it includes a link that is marked 'Live Chat.' When computer users click on this link, a live support chat window opens, which allows victims to contact the operators of the PadCrypt Ransomware. However, since the PadCrypt Ransomware Command and Control server is not currently operational, this feature does not seem to work.
The PadCrypt Ransomware's Bizarre Features
Some versions of the PadCrypt Ransomware's predecessor, CryptoWall, also included live support. However, CryptoWall's support was included in the website where its ransom was paid. In the case of the PadCrypt Ransomware, the support works directly from the victim's computer and does not require the victim to install Tor or use a Web browser. Another bizarre feature associated with the PadCrypt Ransomware is that it includes an uninstall feature. This uninstaller, a file named Unistl.exe, does not do anything to decrypt the affected data. However, it does uninstall the PadCrypt Ransomware infection. Although it seems counter-intuitive to include an uninstaller with a threat, once ransomware like the PadCrypt Ransomware has encrypted the victim's files, it does not need to stay installed. The most probable reason for the PadCrypt Ransomware's uninstaller and live chat feature is that the con artists may have used templates and recycled code to create the PadCrypt Ransomware, which may have generated these features automatically.
Counteracting the PadCrypt Ransomware
Malware researchers advise against paying the PadCrypt Ransomware's ransom amount. There is no guarantee that the con artists will deliver the decryption key, and paying the ransom only serves to facilitate the production of additional ransomware infections. Instead, it is important to establish a culture of backing up all important data regularly. Once backing up all files becomes routine among computer users, ransomware like the PadCrypt Ransomware will merely be an annoyance and become completely ineffective.