
PadCrypt Ransomware

Posted: February 17, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 33
First Seen: February 17, 2016
Last Seen: March 15, 2020
OS(es) Affected: Windows

The PadCrypt Ransomware is a file encryptor that modifies your files for the purpose of selling a decryption solution to you. Although the PadCrypt Ransomware provides relatively extensive support for purchasing this service, malware researchers caution against paying its fee, which con artists may collect without decrypting any files. Backups can protect your PC's data from permanent damage, and anti-malware programs can, as always, remove the PadCrypt Ransomware safely.

The PadCrypt Ransomware: Making Illegal Ransoms Easier than Ever

The PadCrypt Ransomware is another revision of the popular CryptoWall Ransomware, and follows that Trojan's tactic of encrypting files and then waiting for victims to pay in the hope of buying data restoration. Because the PadCrypt Ransomware is relatively new to the threat scene, no decryptors have been made available for the public's free use, although various PC security entities claim to be working on solutions.

Early reports have seen the PadCrypt Ransomware, much like '.locky File Extension' Ransomware, using e-mail attachments for installing itself. Instead of using an exploit embedded in an otherwise standard document, however, the PadCrypt Ransomware uses a corrupted executable with both the icon and the name of a PDF file to trick readers into opening the program. Since the PadCrypt Ransomware's Trojan installer is an independent program, this delivery method does not rely on software vulnerabilities that security patches could close.
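A mail-gateway style check for the delivery method described above, as an added example that is not part of the original article: it compares what an attachment's name claims with what its bytes are, since the PDF icon lives inside the executable and only the content is reliable. The function names, finding labels and sample inputs are assumptions constructed for illustration.

```python
import os
import re
import struct

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}  # run directly on double-click
PDF_TOKEN = re.compile(r"(^|[._\- ])pdf([._\- ]|$)")  # "pdf" as its own name part

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def triage_attachment(filename: str, data: bytes) -> list:
    """Return findings for one attachment; an empty list means no mismatch."""
    stem, ext = os.path.splitext(filename.lower())
    findings = []
    # Name presents itself as a PDF but the real extension is executable.
    if ext in EXECUTABLE_EXTS and PDF_TOKEN.search(stem):
        findings.append("executable-named-like-pdf")
    # Content is a Windows executable but the extension says otherwise.
    if is_pe(data) and ext not in EXECUTABLE_EXTS:
        findings.append("pe-content-under-document-name")
    # A real PDF carries its header within the first 1024 bytes.
    if ext == ".pdf" and b"%PDF-" not in data[:1024]:
        findings.append("pdf-extension-without-pdf-header")
    return findings

# Constructed sample inputs: a minimal PE header stub and a tiny PDF body.
SAMPLE_PE = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
             + b"PE\x00\x00" + b"\x00" * 16)
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    samples = [
        ("Invoice_2016.pdf.exe", SAMPLE_PE),
        ("Invoice_2016.pdf", SAMPLE_PE),
        ("report.pdf", SAMPLE_PDF),
        ("pdfcreator-setup.exe", SAMPLE_PE),
    ]
    for name, blob in samples:
        print(name, triage_attachment(name, blob) or "no mismatch")
```

An honestly named executable produces no finding here; whether executables are allowed as attachments at all is a separate policy decision.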

After its installation, the PadCrypt Ransomware scans all local hard drives for non-essential files of formats worth encrypting, such as documents or spreadsheets. Trojan-encrypted files, much like archives, can't be read by any associated programs, and will need to be run through a decryption process using a key unique to the PadCrypt Ransomware's payload. The PadCrypt Ransomware sells its victims this service through both multiple instruction messages and a 'live help' feature built into its pop-up window. Perhaps appropriately, this feature is currently non-functional due to a lack of response from the PadCrypt Ransomware's servers.

Overcoming a File Encryptor without Paying a Penny for Decryption

The PadCrypt Ransomware emphasizes the ease of use of its decryption 'purchase,' which requires transferring Bitcoin currency to third parties in return for a feature that they may, or may not, deliver. Unlike past file encryptors with similar features, the PadCrypt Ransomware builds its chat feature directly into itself, rather than asking victims to download, install, and use a separate program, such as the Tor browser. Rather than paying this 450 USD ransom, however, malware experts always encourage using secure backups that can overwrite encrypted files without any need for decrypting your data. Note that your local backups, including VSS data, may be subjected to deletion by the PadCrypt Ransomware.

A PadCrypt Ransomware infection is extremely visible from its changes to your file names and desktop, in addition to its pop-ups and other ransom messages. If you do detect any of these symptoms on a PC, disconnect the machine from the Internet and reboot it into Safe Mode. Scan your machine with any reliable brand of anti-malware products and allow it to remove the PadCrypt Ransomware, as well as any other threats (such as its faux-PDF installer).

Unusually, the PadCrypt Ransomware's current samples include uninstaller files. However, since these uninstallers may provide incomplete uninstallation and cannot decrypt your files, victims should avoid using them. Since the uninstaller can remove parts of the PadCrypt Ransomware without harming the file-ransoming payload, con artists may have provided their uninstallers as a means of limiting samples available to the PC security industry. Such efforts could slow down the development of free decryptors.

Technical Details

File System Modifications


The following files were created in the system:




Additional Information

The following directories were created:
%APPDATA%\PadCrypt