Threat Database Ransomware Pedro Ransomware

Pedro Ransomware

By GoldSparrow in Ransomware

Malware researchers have uncovered a brand-new ransomware threat. This data-locking Trojan is called the Pedro Ransomware, and it belongs to the STOP Ransomware family.

Propagation and Encryption

It is not yet known what the precise infection vectors involved in the propagation of the Pedro Ransomware are. Some experts speculate the creators of the Pedro Ransomware may have employed mass spam email campaigns, bogus application updates, and pirated variants of popular software tools as propagation methods. If the Pedro Ransomware manages to sneak into your PC, it will start the attack with a brief scan. The goal of this activity is to determine the locations of all files of interest. Then, the Pedro Ransomware will start encrypting all the targeted files. Once this threat locks a file, it will alter its name by appending a ‘.pedro’ extension at the end of the filename. This means that an audio file, which you had named ‘Lost-Peridot.mp3’ initially, will be renamed to ‘Lost-Peridot.mp3.pedro’ and you will no longer be able to play it.

The Ransom Note

In the next phase of the attack, the Pedro Ransomware will drop a ransom note called ‘_readme.txt.’ The note reads:


Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Our Telegram account:
Mark Data Restore

Your personal ID:’

The ransom fee demanded by the attackers is $980. However, they state that all victims that contact them within 72 hours of the attack takes place will receive a 50% discount, which will knock down the price to $490. The users are urged to send one file, which the attackers will decrypt free of charge. This is common practice and serves as proof that the authors of the ransomware threat have a working decryption key. There are two email addresses given out as contact details – ‘’ and ‘’ Furthermore, the attackers also give out their Telegram contact details - @datarestore.

It is never a good approach to contact cyber crooks or give them cash. They deliver on their promise rarely, and your money will go to further fund their criminal activities. A safer response is to download and install a legitimate anti-virus application, which will remove the Pedro Ransomware from your PC safely and make sure you do not find yourself in such a sticky situation ever again.


Most Viewed