Severity scale  
  (99/100)

PadCrypt ransomware. How to Remove? (Uninstall Guide)

Type: Ransomware

PadCrypt ransomware wants a ransom, but says you can recover files for free after 6 months

If you receive a new email in your inbox, do not rush to open it or download the attached content, regardless of how important the information provided may seem. PadCrypt virus and other similar ransomware programs spread through spam emails via infectious files attached to them. PadCrypt malware spreads in the form of a file that looks like a PDF but is actually a zip archive containing a dangerous executable file, which, when extracted, infiltrates the system and starts encrypting the user's files, including photos, videos, Word documents and others. PadCrypt ransomware uses the AES-256 encryption algorithm to lock the files.
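The disguise described above (an attachment named like a PDF that is really a zip archive holding an executable) can be caught by comparing the file extension with the leading bytes and listing the archive members. The following is an added example, not code from the original guide; the file names and sample bytes are constructed, and the extension list is an illustrative assumption.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Magic-byte prefixes for the two formats the article mentions.
MAGIC = {b"%PDF-": "pdf", b"PK\x03\x04": "zip"}
# Extensions Windows runs directly (illustrative assumption, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".pif"}


def sniff(data: bytes) -> str:
    """Return the format implied by the leading bytes, or 'unknown'."""
    for prefix, kind in MAGIC.items():
        if data.startswith(prefix):
            return kind
    return "unknown"


def inspect_attachment(filename: str, data: bytes) -> list[str]:
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    declared = PurePosixPath(filename).suffix.lower().lstrip(".")
    actual = sniff(data)
    if declared != actual:
        findings.append(f"extension .{declared} but content is {actual}")
    if actual == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if PurePosixPath(member).suffix.lower() in EXECUTABLE_EXTS:
                        findings.append(f"executable inside archive: {member}")
        except zipfile.BadZipFile:
            findings.append("ZIP header present but archive is malformed")
    return findings


def build_samples() -> dict[str, bytes]:
    """Constructed inputs: a disguised archive and a genuine PDF header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Placeholder bytes only; this is not a real binary.
        zf.writestr("invoice.pdf.exe", b"MZ constructed placeholder")
    return {"invoice.pdf": buf.getvalue(), "report.pdf": b"%PDF-1.4\n%%EOF\n"}


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(name, "->", inspect_attachment(name, blob) or "clean")
```

A mail filter or a pre-open check on a download folder can call `inspect_attachment` on each file and quarantine anything that returns findings.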

After the encryption is over, a new .txt file is created, which informs the user that the files on the computer are now locked and that the user has to buy an encryption key in order to get his/her files back, or else these files will be lost forever. In short, it is a ransom note. The ransom is 0.8 BitCoin, which equals approximately $340, and must be paid through BitCoins, Ukash Voucher or Paysafecard. Usually, the required payments increase over time. The victim is also given a 96-hour deadline to pay the ransom and receive a private key to decrypt his/her files. If the victim does not transfer the money within the given time, the decryption key will be destroyed and the files will be lost forever, because, at the moment of writing this report, there is no other way to decrypt these files.

An interesting fact about this particular ransomware is that the encrypted data can be obtained free of charge if the user waits six months and then contacts PadCrypt. What is more, PadCrypt is the first ransomware virus that provides live chat support, which supposedly should let you contact the cyber criminals. Reportedly, they do not respond, so the chat is of hardly any use.

The developers of PadCrypt virus allow infected computer users to remove PadCrypt from their computers by providing a PadCrypt uninstaller, yet the files will remain encrypted after the elimination. PadCrypt also deletes shadow volume copies, so you cannot recover the lost files from this system backup. The only way to protect your data from such dangerous viruses is to keep a backup of your records stored on an external drive. PadCrypt works similarly to ransomware viruses such as CryptoWall, TeslaCrypt or DMA-Locker. Actually, all ransomware infections are essentially identical: they promise to decrypt your files if you pay the demanded amount of money. They differ only in encryption algorithms and the ransom size. We do not advise paying the ransom because it is very likely that you will be left robbed not only of your files but of your money as well. You should remember that PadCrypt removal will not return your data but merely deletes the virus and its contents from your computer. We advise using a powerful malware removal software like Reimage to remove PadCrypt from your system for good.

Distribution of malware

PadCrypt, CryptoWall, and other malware programs are commonly distributed through peer-to-peer (P2P) networks, like Torrents, malicious spam email attachments or bogus software updates and may enter your system as Trojans.
For the reasons stated in this article, you should be careful when downloading files from untrustworthy Internet sources or opening email attachments received from suspicious senders.

As we have already mentioned, it is essential to remove this malware from your PC immediately. If you do not want to use an automatic removal tool, please study a manual PadCrypt removal guide provided below the following paragraphs.

Versions of PadCrypt virus

At first, PadCrypt was considered to be a suspended ransomware project because when it first showed up, its Command & Control servers were quickly deactivated. In spring of 2016, malware experts spotted several versions of the virus, which indicated that the author of the ransomware project was trying to renew it and start distributing it again. Currently, there are several modifications of the mysterious 2.0 version, known as PadCrypt 2.2.71.1, PadCrypt 2.2.86.1, and PadCrypt 2.2.97.0. However, it seems that these versions had no significant changes and were sent out to a tiny number of computer users, considering the number of complaints received. In autumn of 2016, the third version emerged, and it seems to be a more noticeably improved virus.

PadCrypt 3.0 ransomware virus. Malware analysts first noticed traits of this version at the end of September 2016, and clear examples were detected in November. The third version claims to be using an AES 256-bit encryption key and demands a ransom from the victim in exchange for the data decryption tool. Reportedly, PadCrypt 3.0 virus spreads as a Trojan in the form of a fake Visa Credit Card generator (Card Base 5.6.0.exe), also steals some server account information from FileZilla, and is being sold on the dark market to other criminals who want to contribute to its distribution. It seems that the scammers have created an affiliate system and share the revenue with people who help to distribute the virus. Finally, it has been discovered that this version claims to be PadCrypt 3.1 in its source code, although the ransom note still says it is version 3.0. Victims should quickly remove this virus in case it infects their systems.

PadCrypt 3.1.2 ransomware virus. The latest PadCrypt ransomware variant so far, PadCrypt 3.1.2, emerged on the web at the beginning of December 2016 and left users with more questions than answers. The program does not seem to have acquired any new features, at least none that are apparent. We can only presume that the hackers behind the virus have patched up some problematic parts in the program's code, and hope that these improvements have not made the parasite even more malicious. Perhaps the single interesting finding about this ransomware version so far is that it seems to be distributed by the well-known Artemis Trojan. It is not yet known whether the virus decrypts the locked files after six months like the original virus version, but we do not recommend waiting it out. During this time you probably will not be able to use your computer properly, and the new files you create on the infected device will be encrypted once again. Thus, we strongly recommend that you remove this version of PadCrypt from your computer.

Uninstall PadCrypt virus for good

Unfortunately, it is impossible to remove PadCrypt and at the same time unlock the files it has already encrypted. You can, however, delete this virus and its components from your computer. Although it is strongly advisable to use an automatic tool to terminate this virus, you can do it manually, too. However, we still advise you to scan your system with a reputable anti-spyware/anti-malware program to find additional threats that might be lurking in your computer without your knowledge. Nevertheless, the best way to protect yourself from such malicious viruses is to keep a backup version of your important files on a USB drive, external hard drive or CD/DVD.

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Reimage is recommended to uninstall PadCrypt ransomware. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.


Method 1. Remove PadCrypt using Safe Mode with Networking

Step 1: Reboot your computer to Safe Mode with Networking
Windows 7 / Vista / XP
  • Click Start → Shutdown → Restart → OK.
  • When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
  • Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
  • Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
  • Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
  • Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window.
Step 2: Remove PadCrypt

Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to the ransomware to complete PadCrypt removal.

If the ransomware is blocking Safe Mode with Networking, try the next method.

Reimage is a tool to detect malware. You need to purchase full version to remove infections.

Method 2. Remove PadCrypt using System Restore

Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
  • Click Start → Shutdown → Restart → OK.
  • When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
  • Select Command Prompt from the list.
Windows 10 / Windows 8
  • Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
  • Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
  • Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
Step 2: Restore your system files and settings
  • Once the Command Prompt window shows up, enter cd restore (without quotes) and press Enter.
  • Now type rstrui.exe (without quotes) and press Enter again.
  • When the System Restore window shows up, click Next and select a restore point that is prior to the infiltration of PadCrypt. After doing that, click Next.
  • Now click Yes to start system restore.
Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that PadCrypt removal is performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove PadCrypt from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by PadCrypt, you can use several methods to restore them:

Recover with Data Recovery Pro

Victims can try to decrypt their files using Data Recovery Pro software. It might help you to recover some of your files.

Wait six months to get your data back

PadCrypt says that victims should not delete the encrypted data because there is a chance to recover them for free in case the victim has no money to pay the ransom. If your files are not that important and you do not need them urgently, you can wait and see what happens. Just remember that criminals are unpredictable and you can never count on them. 

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from PadCrypt and other ransomware, use a reputable anti-spyware program, such as Reimage, Plumbytes, Webroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.

Harold Dalma - Likes to teach users about virus prevention


Comments on PadCrypt ransomware

0
0
Hero19
Removed the virus, but the files are still encrypted. Is someone doing something to create a decryption tool or something like that?
0
0
Domm
A live chat? I would like to contact these frauds and say what I actually think about them... Filthy idiots
0
0
E.Jones
Need help decrypting my files. If anyone can help, please contact me - egl19001@gmail.com. I lost all my important records and I must get them back as soon as possible. Please help...
