
PedCont Ransomware

Posted: June 4, 2018

The PedCont Ransomware is a Trojan that pretends that it's collecting digital evidence of online criminal acts. Its attacks also may interfere with your display settings, damage your files or create other security issues. Keep separate backups for restoring any media that this Trojan damages, and maintain updated anti-malware protection for deleting the PedCont Ransomware as promptly as possible.

Trojans Targeting Ashamed Erotica Audiences

File-locking Trojans like those of the Hidden Tear or the Jigsaw Ransomware families have yet to entirely replace the older style of screen-locker Trojan campaigns, which are responsible for the majority of 'fake police' themed disguises in attacks against random PC owners. Cyber-security researchers recently caught a sample of the PedCont Ransomware, a Trojan whose campaign includes fake legal warnings, cryptocurrency ransoms, and even sabotaging the monitor. Malware analysts estimate that the latter is an anti-Virtual Machine feature, since it directly contradicts any ransom-collecting efforts.

The PedCont Ransomware's threat actors are circulating their Trojan with fake extensions that disguise it as legitimate media content, such as a movie. After launching, the PedCont Ransomware sets hooks for the Windows mouse and keyboard and opens both the Microsoft Remote Access Service and the Windows Audio Service. The Trojan may be exploiting these features for enhancing its ransoming messages, giving criminals remote control over your computer or monitoring the user's input.

If the user lets the PedCont Ransomware complete this attack without any interruptions, the PedCont Ransomware loads a pop-up window claiming that the PC is under attack as a penalty for viewing underage adult material on the Web. While the PedCont Ransomware doesn't include any symbols or credentials specific to any law enforcement agency, it does claim that the PC's media is uploaded to a remote server for future analysis in court. As usual with similar attacks, malware experts see no mass data-uploading features with this Trojan's payload, although the vulnerabilities of a PedCont Ransomware infection could allow criminals to make further attacks for collecting more information.

Shortly afterward, the Trojan blacks out the screen display permanently, which could be either a bug or an anti-VM feature for slowing down any security researchers.

Protecting Yourself from Guilt-Based Extortion

Although the PedCont Ransomware doesn't use the file-locking or deleting attacks of similar threats, its time limit could persuade a victim into paying its fifty USD Bitcoin or Litecoin ransom before they realize that the pop-up is a hoax. Current samples show no evidence of any data encryption, although future updates could add it to the PedCont Ransomware, and malware experts often warn of the vulnerability of non-backed up files to file-locking Trojans like the Globe Ransomware. The limited legal protection of cryptocurrency transactions should also always be kept in mind by any PC users dealing with Trojans that leverage their privacy or data for monetary demands.

Both the PedCont Ransomware's payload and its executable tactics imply that the Trojan's campaign is using file-circulating networks like torrents or free-downloading websites for compromising users. Double extensions and extensions not matching their icons or Property Details are some of the characteristics of threatening software pretending to be another file kind. Always analyze your downloads with appropriate brands of security and anti-malware software before running them so that deleting the PedCont Ransomware occurs before, and not after, infection and its consequences.
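The double-extension and mismatched-content checks described above can be automated over a downloads folder. The following is an added example, not code from this article or from any security product; the extension lists, sample file names and function names are assumptions chosen for illustration.

```python
import os
import sys

# Assumed extension lists (not from the article); tune them for your environment.
MEDIA_EXTS = {".mp4", ".avi", ".mkv", ".mov", ".wmv", ".mp3", ".jpg", ".png"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("holiday.mp4.exe", b"MZ\x90\x00"),
    ("clip.avi", b"MZ\x90\x00"),
    ("clip2.avi", b"RIFF"),
]

def check_download(name, head):
    """Return the findings for one file name and the first bytes of its content."""
    findings = []
    stem, ext = os.path.splitext(name.strip().lower())
    inner = os.path.splitext(stem.rstrip())[1]
    # "movie.mp4.exe": a decoy media extension placed in front of the real one.
    if ext in EXEC_EXTS and inner in MEDIA_EXTS:
        findings.append("double-extension")
    # Windows PE executables start with the bytes "MZ"; media files do not.
    if ext in MEDIA_EXTS and head[:2] == b"MZ":
        findings.append("executable-content-under-media-extension")
    return findings

def scan_directory(path):
    """Walk path and map each flagged file to its findings."""
    report = {}
    for root, _dirs, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            try:
                with open(full, "rb") as fh:
                    head = fh.read(2)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            findings = check_download(name, head)
            if findings:
                report[full] = findings
    return report

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, check_download(name, head))
    for path in sys.argv[1:]:
        print(scan_directory(path))
```

A clean result only means these two heuristics did not fire; it does not replace scanning the download with anti-malware software before opening it.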

A PC that's compromised by the PedCont Ransomware may require a total reinstall of its default display drivers or an overall System Restore-based rollback for regaining a minimum of access to Windows. However, lost Bitcoins are lost permanently, which is one of many reasons why there's no point in taking legal advice from Trojan programmers.
