.PEDANT Ransomware — How to Remove Virus Infections

This article will aid you to remove .PEDANT Ransomware. Follow the ransomware removal instructions provided at the end of the article.

.PEDANT Ransomware is one that encrypts your data and demands money as a ransom to get it restored. Files will receive the .PEDANT extension. The .PEDANT Ransomware will leave ransomware instructions in a ransomware note file. Keep on reading the article and see how you could try to potentially recover some of your locked files and data.

Threat Summary

Name: .PEDANT ransomware
Type: Ransomware, Cryptovirus
Short Description: The ransomware encrypts files by placing the .PEDANT extension on the affected files on your computer system and demands a ransom to be paid to allegedly recover them.
Symptoms: The ransomware will encrypt your files and leave a ransom note with payment instructions.
Distribution Method: Spam Emails, Email Attachments

.PEDANT Ransomware – Distribution Techniques

The .PEDANT ransomware, a new variant of the Matrix ransomware family, has been spotted in a small-sized attack campaign. The low number of captured samples does not reveal which is the primary method of distribution, so we assume that any of the popular ones can be used.

A popular tactic is the use of email SPAM messages, which are widely used to confuse the recipients into thinking that they have received a legitimate notification from a well-known company or service. In most cases they will link to the virus files in the body contents; the alternative is to directly attach them to the emails.

An alternative is to create malicious web sites that attempt to replicate legitimate sites, download portals and other popular pages. They are made by using similar or the same design elements as the real ones. The .PEDANT ransomware files can be spread to the victims by being included in links and all kinds of content. Furthermore, the threat can be spread via malicious ad networks that operate using banners, pop-ups, redirects and in-text links.

Often ransomware threats can be spread via payload carriers of which there are two main types:

  • Infected Documents — The criminals can embed the installation code in macros that can be placed in all of the popular document types: presentations, spreadsheets, text documents and databases. Whenever they are opened a prompt will appear asking the victims to enable this content, the quoted reason is that this is required in order to correctly view the file.
  • Malicious Application Installers — The criminals can create infected setup files of popular software. The hackers will typically choose applications which are regularly downloaded by end users: productivity and office solutions, creativity suites, system utilities and others. They are made by taking the legitimate files from their official sources and modifying them to include the relevant ransomware code.

In other cases the .PEDANT ransomware files can be spread via browser hijackers which represent hacker-made extensions made for the most popular web browsers. They are mostly found on the relevant repositories using fake user reviews and developer credentials. Most of the hijackers promise new feature additions or performance optimizations. In reality when they are installed on the victim systems modifications to the default settings will occur — the home page, new tabs page and search engine. When this step has completed running the ransomware infection will follow.

.PEDANT Ransomware – Detailed Analysis

Like previous Matrix ransomware samples, the .PEDANT ransomware can be configured to execute various malicious actions as devised in the attack campaign. Most of the Matrix ransomware files begin the infections with a data retrieval module which can retrieve information from the computers that can be categorized into two main types:

  • Personal Information — The engine can be programmed to look for strings that can directly reveal the identity of the victims. This can include data snippets such as their name, address, phone number and passwords. The extracted information can be used for a variety of crimes such as identity theft, blackmail and financial abuse.
  • Computer Information — The other category of information that can be acquired includes data that is used to generate an ID that is assigned to each individual infected computer. The input values are processed by an algorithm that outputs this combination of alphanumeric symbols. The data that is required in most cases is the parts list of the installed hardware components, user settings and certain operating system environment values.

The collected information can then be processed by another module called security bypass which will use the harvested data to locate any installed security applications — their real-time engines can be disabled or entirely removed. In most cases this will affect anti-virus software, firewalls, intrusion detection systems and virtual machine hosts. In some cases advanced versions can delete themselves if this step fails.

If this step is completed the .PEDANT ransomware will proceed further with various system changes. Most of them will affect the Windows Registry. When the strings that are used by third-party applications are modified, unexpected errors and shutdowns can occur. Changes to any values that are part of the operating system services will lead to severe performance problems and the inability to use certain functions.

When configured the .PEDANT ransomware can additionally configure itself as a persistent installation which will run every time the computer boots. This is usually followed by a reconfiguration of important system settings which will disable access to the recovery boot menus. This will practically render most manual user recovery guides useless as they depend on them.

Other malicious actions that can be undertaken by the hackers are to remove important system data such as Restore Points, Backups and Shadow Volume Copies. In this case the victim users will need to resort to a combination of an anti-spyware utility and a data recovery program.

Matrix ransomware samples are built on a modular platform and they can be used to spread other malware threats as well. A popular option is the delivery of Trojans which are used to allow the criminal controllers to take over control of the infected machines, spy on the victims and steal user data.

Another malicious threat which can be deployed to the infected computers is the cryptocurrency miner. It will take advantage of the available system resources in order to compute complex mathematical tasks. They will place a heavy load on all important components: CPU, GPU, Memory and hard disk space. The tasks will be downloaded to the target computers in bulk and when one of them has completed running digital funds in the form of cryptocurrency will be directly wired to their digital wallets.

Future .PEDANT ransomware samples can include other malicious modules as well. This depends on the chosen targets, distribution strategy and goals.

.PEDANT Ransomware – Encryption Process

The .PEDANT Ransomware encrypts user data with a strong cipher according to a built-in list of target data extensions. In most cases it will target the most popular ones:

  • Archives
  • Backups
  • Documents
  • Images
  • Videos
  • Music

The victim files will be renamed with the .PEDANT extension and a ransomware note will be created to coerce the victims into paying a decryption fee to the hackers. The file will be called “!PEDANT_INFO!.rtf”.
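As an added defender-side example (not part of the original article), the following Python script walks a directory tree and reports the two on-disk indicators described above: files carrying the .PEDANT extension and the ransom note file !PEDANT_INFO!.rtf. It assumes the original file name is kept with .PEDANT appended, and its extension-to-category map is an assumption based on the article's list of targeted data types; the sample directory it builds is constructed for the demonstration.

```python
"""Triage helper: report on-disk indicators of a .PEDANT infection. Assumes
encrypted files keep their name with ".PEDANT" appended (assumption)."""
import os
import tempfile
from collections import Counter

RANSOM_NOTE = "!PEDANT_INFO!.rtf"
ENCRYPTED_EXT = ".PEDANT"
CATEGORIES = {  # assumed extension-to-category map, from the article's list
    "archives": {".zip", ".rar", ".7z"},
    "backups": {".bak", ".vhd"},
    "documents": {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt"},
    "images": {".jpg", ".png", ".gif"},
    "videos": {".mp4", ".avi"},
    "music": {".mp3", ".wav"},
}

def classify(original_name):
    """Return the article's category for a file's original extension."""
    ext = os.path.splitext(original_name)[1].lower()
    for category, exts in CATEGORIES.items():
        if ext in exts:
            return category
    return "other"

def triage(root):
    """Walk `root`; count renamed files per category and collect note paths."""
    affected = Counter()
    notes = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name == RANSOM_NOTE:
                notes.append(os.path.join(dirpath, name))
            elif name.endswith(ENCRYPTED_EXT):
                # Strip the appended extension to recover the original name.
                affected[classify(name[:-len(ENCRYPTED_EXT)])] += 1
    return {"notes": notes, "affected": dict(affected),
            "infected": bool(notes) or sum(affected.values()) > 0}

def build_sample_tree(infected=True):
    """Constructed sample: a scratch directory mimicking a small file share."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "docs"))
    names = ["docs/memo.txt", "readme.txt"]
    if infected:
        names += ["docs/report.docx.PEDANT", "docs/photo.jpg.PEDANT",
                  "backup.bak.PEDANT", RANSOM_NOTE]
    for rel in names:
        open(os.path.join(root, rel), "w").close()
    return root
```

Running `triage(build_sample_tree())` returns one note path and one affected file each under "documents", "images" and "backups"; a clean tree returns `infected: False`.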

Remove .PEDANT Ransomware and Try to Restore Data

If your computer system got infected with the .PEDANT ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
