Types header

Name PACMAN
Type Crypto
Encryption Type RSA
Short Description

Origin: Denmark

Symptoms

Symptoms of PacMan ransomware

If the system is infected with the pacman ransomware there will be many annoying problems for the users. Some of the common problems are as given below

i) The computer will crash automatically and restart on its own.

ii) Many programs that are installed will start to disappear.

iii) The victim will not be able to print using the infected device.

iv) Anti-virus cannot be updated.

v) Some security websites cannot be opened.

Distribution Method Phishing mails(spear phishing)
Image  PACMAN
More Details

This ransomware spreads basically via mails and fake alerts. This ransomware is said to be originated from Denmark since the ransomware are written in Danish without any flaws. Once this ransomware infiltrates it starts to scan the victim’s computer and searches for these specific files. Once encrypted the Pacman demands the victim to Pay the ransom within 24 hours, if the ransom is not paid within the time limit the file remains encrypted until paid. The first victims for this ransomware are Danish Chiropractors.

PACMAN1.1

Unlike other ransomware the Pacman does not only have the capacity to encrypt the files but also the ransomware has the capacity to log the keystrokes that are done by the victim, and also it interfere with the computer settings. This even hedges itself and kills the process that has the tendency to shut down the windows OS functions which makes harder to remove this ransomware . This ransomware has the capacity to control the functions as taskmanager,cmd prompt and etc.

Background of Pacman:

The codes that are developed for this ransomware are done in .Net framework so it needs to have the .NET package installed in it. This is present in most of the system now a days. From here the Pacman.exe is obtained and then it Is extracted and initialized in the victims computer. Once these process are done and the files are encrypted by scanning the computer by specific files. After this it contacts the C&C server. Then another extension .Encrypted is added to all the files then the display note is showed to the victim demanding the ransom.