'pedantback@protonmail.com' Ransomware

Posted: February 14, 2019

The 'pedantback@protonmail.com' Ransomware is a file-locker Trojan from the AES-Matrix Ransomware family. Other security providers may identify the code we refer to as the 'pedantback@protonmail.com' Ransomware as the Pedant Ransomware or the Matrix-Pedant Ransomware. An infection leaves victims unable to open any media that the Trojan encrypts, such as documents, and can affect both local and network-accessible content. Have your anti-malware product remove the 'pedantback@protonmail.com' Ransomware immediately, before undertaking any recovery of your data, which requires a safe backup.

Files Getting Sucked Back into the Matrix

The AES-Matrix Ransomware family is attacking Italy-based Windows systems with its new release, the 'pedantback@protonmail.com' Ransomware. The 'pedantback@protonmail.com' Ransomware, so named for its ransoming contact that references its extension symptom, contains all of the usual hazards of its kind: removing backups, sabotaging files throughout the network, and linking the threat actor to the PC with a C&C connection. Malware researchers continue to expect attacks to arrive through methods that let criminals exercise some degree of networked control.

Unlike some file-locker Trojans that trick users into opening them, such as Hidden Tear, the 'pedantback@protonmail.com' Ransomware is meant to be run manually. Threat actors use various means of accessing the PC, such as brute-forcing a set of login credentials, and then download and launch the Trojan's executable. The 'pedantback@protonmail.com' Ransomware displays a prompt interface while encrypting files, which include documents, pictures, and other media, in local directories and on unprotected network shares.

The 'pedantback@protonmail.com' Ransomware adds a 'PEDANT' extension to those files, which is one of the few symptoms differentiating it from cousins like the 'cryptoplant@protonmail.com' Ransomware, the '.MTXLOCK File Extension' Ransomware, the Matrix-NOBAD Ransomware, and the Matrix-NEWRAR Ransomware. It also has an exceptionally well-formatted RTF document for a ransom note, which, as usual, offers e-mail addresses for negotiating for the decryptor and offers a 'free trial.' While malware experts don't discourage using the latter option, victims should reconsider paying the Bitcoin ransom, which criminals could take without providing their unlocker.
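The 'PEDANT' extension described above gives responders a quick way to scope the damage on a drive or network share. The following Python sketch is an added example, not code from the original page or from any vendor tool: it counts files carrying that extension per directory and records the earliest and latest modification times. The sample file names and timestamps are constructed, and treating modification time as a proxy for when encryption happened is an assumption.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

LOCKED_EXT = ".pedant"  # extension named on this page; compared case-insensitively


def scan_for_locked_files(root):
    """Walk root and return {directory: {"count", "first", "last"}} for locked files."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})

    def on_error(err):
        # Unreadable directories are reported, not silently skipped.
        print(f"skipped: {err.filename} ({err.strerror})")

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            if os.path.splitext(name)[1].lower() != LOCKED_EXT:
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or is unreadable
            entry = hits[dirpath]
            entry["count"] += 1
            entry["first"] = mtime if entry["first"] is None else min(entry["first"], mtime)
            entry["last"] = mtime if entry["last"] is None else max(entry["last"], mtime)
    return dict(hits)


def build_constructed_sample(root):
    """Create a constructed directory tree: two locked files, one untouched file."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name, mtime in (("report.docx.PEDANT", 1_550_000_000),
                        ("photo.jpg.pedant", 1_550_000_600),
                        ("notes.txt", 1_540_000_000)):
        path = os.path.join(docs, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (mtime, mtime))
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for directory, info in scan_for_locked_files(tmp).items():
            first = datetime.fromtimestamp(info["first"], timezone.utc).isoformat()
            last = datetime.fromtimestamp(info["last"], timezone.utc).isoformat()
            print(f"{directory}: {info['count']} locked, modified {first} .. {last}")
```

Run the scan from a clean system against a mounted copy or a read-only view of the affected storage, so the infected PC can stay disconnected from the network.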

Deflecting the Latest Iteration of Media Ransoming

Ironically, pedantry concerning one's storage of media is the best way of protecting your files from the 'pedantback@protonmail.com' Ransomware. Robust login security, minimal use of RDP and open ports, and backups on removable or otherwise-safe devices will help limit attacks and provide recovery options. Malware experts especially recommend monitoring e-mail attachments and links, which make up a major portion of file-locking Trojans' infection routes.

Victims should be sure to disable all network connections for infected PCs, which may maintain a Command & Control server connection for the threat actor. There isn't a free decryption program that can unlock anything that the 'pedantback@protonmail.com' Ransomware (or other AES-Matrix Ransomware variants) locks, and most members of the family will also remove any standard Windows backups. However, proper anti-malware products should block the 'pedantback@protonmail.com' Ransomware without requiring any further assistance and may uninstall the threat safely.

Users who continue to pay ransoms instead of protecting their files will guarantee further offspring from the 'pedantback@protonmail.com' Ransomware's family. The only way to stop a ransom-based crime is to deny the criminal his share of any profit.