Newly discovered PadCrypt ransomware offers victims real-time interaction with attackers
A ransomware strain has been found offering victims helpful customer service in the form of live chat support.
Security researchers at Abuse.ch in Switzerland were first to discover the strain of ransomware, named PadCrypt, which they say has now been disabled.
Taking computer virus customer service to a whole new level, it is thought to be the first type of ransomware to offer real-time interaction with the attackers – and it even comes with an ‘uninstaller’ function.
Studies into exactly how the ransomware spreads are ongoing but it is thought that it is sent via email disguised as a PDF attachment.
Once clicked on, PadCrypt encrypts the victim’s files and wipes out shadow volume data to prevent HDD recovery software from recovering copies of the files.
Users can then recoup their files only by paying a ransom or by restoring them from an offline backup.
Lawrence Abrams of Bleeping Computer, which is also studying the malware, said: “A feature like live chat could potentially increase the amount of payments as the victim can receive ‘support’ and be guided on the confusing process of making a payment.”
“We have recently seen a ransomware that allows you to enable and disable the autorun for it, but this is the first time we have seen a ransomware that provides an uninstall program as well.
“Once the uninstaller is executed, it will remove all ransom notes and files associated with the PadCrypt infection. Unfortunately, all encrypted files will remain.”