Threat Database Ransomware PedCont Ransomware

PedCont Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: June 6, 2018
OS(es) Affected: Windows

The PedCont Ransomware is an encryption ransomware Trojan. The PedCont Ransomware seems to combine elements of the infamous police ransomware, claiming to be part of a law enforcement operation, like traditional encryption ransomware Trojans. Overall, though, the PedCont Ransomware seems to be a low-quality threat with very little to differentiate it from the many encryption ransomware Trojans in use to extort computer users currently. The PedCont Ransomware takes the victim's files hostage and then demands a ransom payment to supposedly restore the victim's files. However, in most cases, the criminals will not help the victims restore their files so that paying these fees or communicating with the criminals is of no use.

The Lies Contained in the PedCont Ransomware’s Fake Warning

The PedCont Ransomware displays a large fake warning on the victim's computer claiming that the victim is being prosecuted for browsing forbidden online content on the Dark Web. The PedCont Ransomware then turns the victim's screen black and fails to respond. This may be part of a measure used by the PedCont Ransomware when being observed on virtual machines, however, so that it may not be an aspect of the PedCont Ransomware attack present on attacks on the wider public. The PedCont Ransomware encrypts the victim's files in the same way as most encryption ransomware Trojans active today. The following are the file kinds that threats like the PedCont Ransomware will target usually:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The full text of the PedCont Ransomware ransom note, which demands the payment and threatens the victim by making up a phony story about the victim's files being 'stored on an external server' reads:

'!!! Attention !!! – Please read this immediately:

Dear potential criminal,
- Due to you actively seeking out [illegal digital content] or similarly illegal content on the Deep Web, you have been infected with our ransomware called PedCont.

All of your sensitive data, location and files – pictures, videos, documents, etc. – have been auto-collected and saved to an external server and will be stored & protected for the next 72 hours (counting from the first time you see this message). If we do not receive any cooperation from your part once the time is up, international authorities WILL be contacted and sent detailed information about everything that we have scraped from your computer.

While it is no longer necessary for this program to stay on your computer, should you wish to prevent legal prosecution and safely get rid of our records, do NOT manually remove it, but instead follow the steps listed below.


The PedCont Ransomware's ransom note continues by displaying instructions about how to purchase and transfer cryptocurrency.

Dealing with a PedCont Ransomware Infection

Dealing with The PedCont Ransomware attack involves taking steps to restore your files after removing the PedCont Ransomware threat itself. Removing the PedCont Ransomware is relatively simple, and can be done with a reliable security program. However, when the PedCont Ransomware is done with the encryption of the files, they only can be restored by replacing them with file backups, which should be stored on the cloud or an external memory device.

SpyHunter Detects & Remove PedCont Ransomware

File System Details

PedCont Ransomware may create the following file(s):
# File Name MD5 Detections
1. 4ee60e0221726dbbe2da563c4d175b57d7b51e9e83e2c4b78364fba2272121c2.exe 60ef1e90b98658a70ed1a9349b0e83b6 1


Most Viewed