Pandemic Ransomware, a variant of BigLock or CoronaLock ransomware, is a file-encrypting Trojan that locks files on an infected computer. This could include documents, photos, archives and files of other formats, and as is the custom with most ransomware types, it asks for a ransom in a text file. Cybercriminals are expected to exploit known malware entrance channels to spread Pandemic Ransomware, including spam emails, bundled downloads, and unpatched RDP vulnerabilities.
As it has become a highly-relevant theme in 2020 and 2021 to talk about the ongoing global pandemic, it’s no wonder that cybercriminals have decided to exploit it too. Similar to other threats like Hidden Tear or the Dharma Ransomware, it prevents users from accessing files after they are encrypted, and the “.pandemic” extension is attached to their original names. A very nasty wrinkle to this strain is the fact that it may lack any ‘brakes’ on encryption, meaning it might strive to eventually try to lock ALL files on your computer.
Pandemic Ransomware uses both AES and ChaCha algorithms for encrypting content. Another unique trait of Pandemic Ransomware is that it might target files without sorting them by file types. Pandemic Ransomware can also target files without extensions and attack non-default folders, instead of specifying media-related ones like Pictures and other Document types.
Pandemic Ransomware provides a more extended, revamped version of BigLock Ransomware’s ransom note. The attackers use both a TOR website and the Telegram messaging app to communicate their data recovery demands to the victims. We do not recommend contacting the attackers or paying the ransom, as there is never a guarantee of data recovery. Unfortunately, a free decryption tool for Pandemic Ransomware or BigLock Ransomware does not exist at the moment.
Remember that backing up files is crucial in times of malware. The use of trusted cloud storage is recommended for keeping files safe in case of aggressive malware attacks designed to corrupt, encrypt or even wipe files on your computer. Unfortunately, free decryptors are not developed for most ransomware programs, which is why it is important to be proactive about the security of your operating system and your personal files.
