An updated version of PadCrypt ransomware has just been released. It includes additional features, such as an updated live chat interface, a blacklist of computer names, and a new decrypter.
The latest version of PadCrypt is 184.108.40.206 and unfortunately users cannot decrypt their files for free this time.
The new version of PadCrypt ransomware adds an Improved Live Chat Support Interface which includes commands that allow users to receive automated help on how AES encryption works, how to make a payment, and how many files were encrypted.
In addition, the updated version has automated commands to display the version of PadCrypt and the machine id associated with user’s computer. This machineid is the unique id which the malware creators associate with user’s encrypted files.
Also, PadCrypt ransomware now includes text which is automatically displayed to chat users when the chat window is opened. This text states that they are now an “official PadCrypt user” and taunts the users about how they will need to purchase the decryption key.
The support chat is active with PadCrypt support personnel often initiating conversations with the victims. A PadCrypt support person stated that they were just in charge of support and were not involved in the creation or distribution of the program. If this is true, then PadCrypt is being run as a company with different departments.
The new version of PadCrypt ransomware includes blacklisting of certain computer names from being able to run PadCrypt. For instance, if a user has a machine name which contains one of the blacklisted strings, the program will simply start and then terminate. This is being done in order to make it more difficult for known malware researchers or known sandboxes.
The computer name strings which are presently blacklisted are: “PLACEHOL”, “MALTEST”, “TEST-PC”, “BEA-CHI”, “BRBRB”, “VMSCAN”.
Additionally, PadCrypt ransomware updated its decrypter so that the victims can specifically enter the Secret and IV to perform the decryption of their files.