The Pacman ransomware is a new lockscreen-type ransomware that is currently being spread in a worldwide attack campaign. The number of captured samples is very low, so it is not clear which attack mechanism the hackers are using for this particular campaign. No information is available about the hacking collective behind the attacks either; they may be an inexperienced group of attackers using popular techniques to spread the malware.
The Pacman ransomware can be delivered via both phishing emails and malicious web sites. These usually trick users into thinking that they have accessed a legitimate site or service and that the files on offer are useful for their systems. Various payload carriers can be used as well, such as malicious documents and bundled software installers.
As soon as the Pacman ransomware has infected the machine, it will launch a sequence of dangerous components that can carry out a wide range of malicious actions. Some of them include the following:
- Boot Options Modification — The infection engine which is an essential part of the ransomware can be used to make changes to the boot options and render access to the recovery menus impossible. Not only will the virus code be launched every time the computer boots, but manual user removal guides will not work properly.
- Security Bypass — The Pacman ransomware is able to identify installed security software, which can then be bypassed or entirely removed. This includes anti-virus programs, sandbox environments, firewalls and intrusion detection systems.
- Windows Registry Changes — Most similar threats are programmed to make changes to the Windows Registry, which can lead to serious performance issues, the inability to use certain functions and data loss.
- Additional Payload Delivery — Many ransomware samples are used as payload delivery devices for other malware, such as Trojans. This is done because the Pacman ransomware itself might have already bypassed the system’s security.
As soon as the Pacman ransomware has finished running all of its modules, it will start to process the user data. It uses a built-in list of target file type extensions to select the files that will be encrypted. The “encrypted” string is placed before the file names. Once all files have been processed, a lockscreen instance is called: an application frame is drawn which can prevent normal interaction with the infected host.
| Field | Details |
|---|---|
| Short Description | The ransomware encrypts files on your computer and demands a ransom to be paid to allegedly restore them. |
| Symptoms | The ransomware will show a lockscreen blackmail window to the users. User data is also encrypted. |
| Distribution Method | Spam Emails, Email Attachments |
Pacman Ransomware – What Does It Do?
Pacman Ransomware could spread its infection in various ways. A payload dropper which initiates the malicious script for this ransomware is being spread around the Internet. Pacman Ransomware might also distribute its payload file on social media and file-sharing services. Freeware found on the Web can be presented as helpful while hiding the malicious script for the cryptovirus. Read the tips for ransomware prevention from our forum.
Pacman Ransomware is a cryptovirus that encrypts your files and shows a window with instructions on your computer screen. The extortionists want you to pay a ransom for the alleged restoration of your files. The main engine could make entries in the Windows Registry to achieve persistence, and interfere with processes in Windows.
The Pacman Ransomware presents a lockscreen and it will encrypt user data according to a built-in list of target file type extensions. As soon as all modules have finished running in their prescribed order the lockscreen will launch an application frame which will prevent the users from interacting with their computers. It will display the ransomware note to the victims.
You should NOT under any circumstances pay any ransom sum. Your files may not get recovered, and nobody could give you a guarantee for that.
The Pacman Ransomware cryptovirus could be set to erase all the Shadow Volume Copies from the Windows operating system with the help of the following command:
→vssadmin.exe delete shadows /all /Quiet
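The following added example (not part of the original article and not taken from a Pacman sample) shows how a defender could flag this command in process-creation logs while leaving benign `vssadmin` usage alone. The event records, host names and parent paths are constructed for illustration, and the severity levels are an assumption of this sketch.

```python
import ntpath
import re

# Constructed process-creation records (fields loosely follow what Windows
# event 4688 or Sysmon event 1 provide); all values are made up.
SAMPLE_EVENTS = [
    {"host": "WS-01", "parent": r"C:\Users\a\AppData\Local\Temp\invoice.exe",
     "cmdline": "vssadmin.exe delete shadows /all /Quiet"},
    {"host": "WS-01", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'"C:\Windows\System32\VSSADMIN.EXE"  Delete Shadows /Quiet /All'},
    {"host": "SRV-02", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "vssadmin list shadows"},
    {"host": "SRV-02", "parent": r"C:\Program Files\Backup\agent.exe",
     "cmdline": "vssadmin delete shadows /for=D: /oldest"},
    {"host": "WS-03", "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"notepad.exe C:\notes\vssadmin delete shadows.txt"},
]

def classify(cmdline):
    """Return 'high', 'medium', 'low' or None for one command line."""
    # Split on whitespace but keep double-quoted paths together.
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    if not tokens:
        return None
    image = ntpath.basename(tokens[0]).lower()
    if image.endswith(".exe"):
        image = image[:-4]
    args = [t.lower() for t in tokens[1:]]
    # Only the executable itself counts, not a file name that mentions it.
    if image != "vssadmin" or args[:2] != ["delete", "shadows"]:
        return None
    switches = {a.split("=", 1)[0] for a in args[2:] if a.startswith("/")}
    if "/all" in switches:
        # Wiping every copy without a prompt matches the command in the article.
        return "high" if "/quiet" in switches else "medium"
    return "low"  # targeted deletion, e.g. routine backup rotation

def scan(events):
    """Return (host, severity, parent) for every matching event."""
    hits = []
    for ev in events:
        severity = classify(ev["cmdline"])
        if severity:
            hits.append((ev["host"], severity, ev["parent"]))
    return hits

if __name__ == "__main__":
    for host, severity, parent in scan(SAMPLE_EVENTS):
        print(f"{severity.upper():6} {host}  parent={parent}")
```

The parent process is reported with each hit because shadow-copy deletion launched from a user's temporary folder deserves faster triage than the same command issued by a backup agent.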
If your computer device was infected with this ransomware and your files are locked, read on through to find out how you could potentially restore your files back to normal.
Remove Pacman Ransomware
If your computer system got infected with the Pacman ransomware, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it has the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions provided below.