Infected with PedCont Ransomware? Need to decrypt your files?
What is PedCont Ransomware
PedCont Ransomware is a file-encrypting ransomware that targets the user's personal data and makes it unusable, which threatens the loss of that data. It affects various kinds of files, such as documents, image files, other media files, archives and much more. After encryption, PedCont Ransomware removes the operating system restore points and all previous versions of the files so that you cannot restore them. The developers leave a special note file containing the following information:
PedCont :: COMPUTER HIJACKED! :: Pay ransom with BTC/LTC ***
!!! ATTENTION !!! - Please read this immediately:
Dear potential criminal,
- Due to you actively seeking out child pornography or similarly illegal content on the Deep Web, you have been infected with our ransomware called PedCont.
- WHAT HAS ALREADY HAPPENED:
All of your sensitive data, location and files - pictures, videos, documents, etc. - have been auto-collected and saved to an external server and will be stored & protected for the next 72 hours (counting from the first time you see this message). If we do not receive any cooperation from your part once the time is up, international authorities WILL be contacted and sent detailed information about everything that we have scraped from your computer.
While it is no longer necessary for this program to stay on your computer, should you wish to prevent legal prosecution and safely get rid of our records, do NOT manually remove it, but instead follow the steps listed below:
- WHAT WE REQUIRE OF YOU:
WARNING: DO NOT CLOSE THIS OR TURNOFF YOUR COMPUTER!
Date: 6/4/2018 - 11:23:37 AM
Your IP address: xxx.xxx.xx.xx
50$ USD = 0.00649990341144 BTC
Your wallet's ID [...]
[Uninfect computer and prevent legal action]
Although the text is written in English, this virus is distributed around the globe; it was most active in early June this year. Judging by the note, the developers claim that you have the opportunity to get your files back within three days, but for this you will need to pay fifty dollars. Do not pay under any circumstances; it is a clever deception. There are no guarantees that they will return your files! Remove PedCont Ransomware immediately using our instructions.
How PedCont Ransomware infected your PC
As a rule, PedCont Ransomware arrives as a file presented as a video, packed as a WinRAR SFX (self-extracting archive) with the name AliceRides.mp4_Unpack.WinRAR_SFX.scr. Infection is the result of unprotected network settings and the lack of special utilities that can protect your PC from such threats. If PedCont Ransomware is already on your computer, then use the following utilities and programs: HitmanPro.Alert with CryptoGuard.
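The dropper name above puts a media extension (.mp4) in the middle of the name while the real extension (.scr) is one Windows executes. The following check flags such names in a file listing; it is an added example, not code from the original article, and it generalizes beyond this one name to trailing-whitespace padding and right-to-left override tricks. The extension lists and all sample paths except the dropper name are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Extensions Windows runs on double-click (assumed list, not exhaustive).
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
# Decoy extensions a user expects to be harmless data files (assumed list).
DECOY_EXTS = ("mp4", "avi", "mkv", "mov", "mp3", "jpg", "jpeg", "png", "gif",
              "pdf", "doc", "docx", "xls", "xlsx", "txt")
# A decoy counts only when it ends at a separator, e.g. ".mp4_" or ".pdf ".
DECOY_RE = re.compile(r"\.(%s)(?=[._\-\s]|$)" % "|".join(DECOY_EXTS), re.IGNORECASE)
RTLO = "\u202e"  # right-to-left override, visually reverses part of the name


def masquerade_reasons(path):
    """Return the reasons a file name looks like a disguised executable."""
    # Windows ignores trailing spaces and dots when resolving the name.
    name = PureWindowsPath(path).name.rstrip(" .")
    stem, dot, ext = name.rpartition(".")
    ext = (dot + ext).lower()
    reasons = []
    if not dot or ext not in EXECUTABLE_EXTS:
        return reasons  # the real (last) extension is not executable
    decoy = DECOY_RE.search(stem)
    if decoy:
        reasons.append(f"decoy '.{decoy.group(1).lower()}' before executable '{ext}'")
    if RTLO in name:
        reasons.append("right-to-left override character in name")
    if re.search(r"\s{3,}", stem):
        reasons.append("padding whitespace hides the real extension")
    return reasons


def scan(paths):
    """Map each suspicious path to its reasons; clean names are omitted."""
    return {p: r for p in paths if (r := masquerade_reasons(p))}


# Constructed sample listing; only the first file name comes from the article.
SAMPLE = [
    r"C:\Users\user\Downloads\AliceRides.mp4_Unpack.WinRAR_SFX.scr",
    r"C:\Users\user\Downloads\holiday.mp4",
    r"C:\Users\user\Downloads\invoice.pdf      .exe",
    r"C:\Windows\System32\ssText3d.scr",
    r"C:\Users\user\Downloads\setup.exe",
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```

Plain executables such as setup.exe are deliberately not flagged; the check targets only names that present themselves as data files.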
First of all, don’t panic. Follow the easy steps below.
1. Start your computer in Safe Mode with Networking. To do that, restart your computer and, before your system starts, press F8 several times. This stops the system from loading and shows the Advanced Boot Options screen. Choose the Safe Mode with Networking option from the list using the up and down arrow keys and press Enter.
2. Log in to the system infected with the PedCont Ransomware virus. Launch your Internet browser, download a reliable anti-malware program and start a full system scan. Once the scan is complete, review the scan results and remove all detected entries.
Norton is a powerful removal tool. It can remove all instances of the newest viruses similar to PedCont Ransomware: files, folders and registry keys.
*Trial version of Norton provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Norton.
Step 2: Remove the following files and folders of PedCont Ransomware:
Remove the following registry entries:
Remove the following files:
How to decrypt files infected by PedCont Ransomware?
Use automated decryption tools
There is a ransomware decryptor from Kaspersky that can decrypt Spora files. It is free and may help you restore files encrypted by the PedCont Ransomware virus. Download it here:
You can also try to use manual methods to restore and decrypt your files.
Decrypt files manually
Restore the system using System Restore
Although the latest versions of PedCont Ransomware remove system restore files, this method may help you to partially restore your files. Give it a try and use standard System Restore to revive your data.
- Search for ‘system restore’
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged (in our case, by PedCont Ransomware). This feature is available in Windows 7 and later versions.
- Right-click the file and choose Properties
- Open the Previous Versions tab
- Select the latest version and click Copy
- Click Restore
Restore .lock, .1btc or .mich files using shadow copies
- Download and run Stellar Data Recovery.
- Select the type of files you want to restore and click Next.
- Select the drive and folder where your files are located and the date that you want to restore them from, then press Scan.
- Once the scanning process is done, click Recover to restore your files.
Protect your computer from ransomware
Most modern antivirus programs can protect your PC from ransomware and crypto-trojans, but thousands of people still get infected. There are several programs that use a different approach to protect against ransomware and lockers. One of the best is HitmanPro.Alert with CryptoGuard. You may already know HitmanPro as a famous cloud-based anti-malware scanner. Check out the ultimate active protection software from SurfRight.
Written by Rami Douafi