PedCont ransomware

PedCont is a ransomware-type virus that stealthily infiltrates systems. Unlike most other ransomware, PedCont does not encrypt, rename or otherwise modify data, but it does display a pop-up window with a ransom-demand message.

The message states that stored data has been copied to a remote server and that users must pay a ransom of $50 in the Bitcoin cryptocurrency. Once payment is submitted, all stored files are supposedly deleted from the server. If, however, the victim decides not to pay, or payment is not submitted within the given time frame (72 hours after infiltration), all data is transferred to ‘authorities’. In this way, users are threatened: those who have potentially illegal files may face serious issues. As mentioned above, this behavior is unusual for ransomware-type viruses. This ransomware does not append any specific file extension to the targeted data.

The PedCont virus seems to be more scareware than real ransomware because it does not encrypt data on the targeted computer. The main purpose of this cyber threat is to trick users into believing that they are criminals who used the internet for illegal activities and that they now have to make a payment to avoid prosecution.

Soon after the infiltration, PedCont ransomware displays a window on the screen with a threatening message telling people what has happened to their files. The criminals rely on pure psychological terror to pressure victims into paying the ransom. Paying $50 does not seem as painful as being arrested. However, the people behind PedCont have nothing in common with legal authorities. This malicious program was created to swindle money from inexperienced and naive computer users.


As soon as PedCont ransomware has infected your computer system, the virus may drop its payload files, which in turn may reside in the following Windows directories:

%AppData%
%Local%
%LocalLow%
%Roaming%
%Temp%
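
A triage script for the locations listed above, as an added example that is not from the original article: it lists script and executable files changed in the last 72 hours (the deadline window given in the ransom message) under those folders, with SHA-256 hashes for lookup. The mapping of %Local%, %LocalLow% and %Roaming% to real Windows variables, the extension list and the function names are assumptions.

```python
import hashlib
import os
import time
from pathlib import Path

# Assumption: the page's %Local%, %LocalLow% and %Roaming% are mapped to the
# standard per-user AppData folders; this mapping is not from the page.
CANDIDATE_DIRS = [r"%APPDATA%", r"%LOCALAPPDATA%",
                  r"%USERPROFILE%\AppData\LocalLow", r"%TEMP%"]
# Assumption: common dropped-payload file types, not a PedCont-specific list.
SUSPECT_EXTS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".js", ".vbs", ".ps1"}

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def recent_droppers(roots, window_hours=72, now=None):
    """Return (path, mtime, sha256) for suspect-type files changed in the window."""
    now = time.time() if now is None else now
    cutoff = now - window_hours * 3600
    seen, hits = set(), []
    for root in roots:
        base = Path(os.path.expandvars(str(root)))
        if not base.is_dir():
            continue  # variable did not expand or folder is missing
        for dirpath, _dirs, files in os.walk(base):
            for name in files:
                p = Path(dirpath) / name
                if p.suffix.lower() not in SUSPECT_EXTS:
                    continue
                try:
                    real, st = p.resolve(), p.stat()
                    if real in seen or st.st_mtime < cutoff:
                        continue
                    seen.add(real)  # %TEMP% sits under Local, so dedupe
                    hits.append((str(real), st.st_mtime, sha256_of(real)))
                except OSError:
                    continue  # locked, unreadable or already deleted
    return sorted(hits, key=lambda h: h[1], reverse=True)  # newest first

if __name__ == "__main__":
    for path, mtime, digest in recent_droppers(CANDIDATE_DIRS):
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(mtime))
        print(stamp, digest, path)
```

File modification times can be altered by malware, so treat an empty result as inconclusive rather than as proof the system is clean.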

As always, we recommend not paying any ransom to these companies and using your backup to restore files. Always use Max Total Security to keep all ransomware away and have peace of mind with automatic backup on local drive, network and on Google Drive.
