How to remove Pandemic ransomware and recover files

Delete Pandemic ransomware from computer

Pandemic ransomware is another ransomware variant named BigLock. This ransomware was discovered by Michael Gillespie. Like all other variants, it encrypts stored files and demand ransom for the decryption. During the encryption, this ransomware renames files by appending “.pandemic” extensions to the end of their filenames. For example, a file 1.jpg would appear 1.jpg.pandemic after encryption. After that, the ransomware creates PROTECT_INFO.TXT text file and drops it on users desktop.

How Pandemic ransomware demands ransom money?

The created text file message states that Pandemic ransomware encrypts files by using ChaCha and AES encryption algorithms. In order to access it, victims have to use RSA private key which can only be purchased from the cyber criminals who are behind this infection. It can only be purchased from the Tor website which is provided in the ransom note. Once victim access such site, they have to contact user named via @spacedatax on Telegram.

The created ransom note clearly says that if your computer is infected with another variant of this ransomware then users have to contact cyber criminals through email address and wait for further instructions. Additionally, it is mentioned in the ransom note that payment is accepted in Bitcoin form only. After that, they also warn victims not to rename encrypted files using third party software otherwise it may lead to permanent data loss.

Apart from this, users are offered a free decryption test of some encrypted files. Those files are send to Pandemic ransomware developers before paying for a decryption. Unfortunately, it is impossible to decrypt files without having to use a key that can only be provided by cyber criminals because there are no any tools available that can decrypt files encrypted by it. Although, you are highly advised not to contact people who are behind this attack and pay money to them.

Threat specification

Name: Pandemic ransomware

Type: Ransomware, Cryptovirus

Short Description: The ransomware encrypts files on your computer machine and demands a ransom to be paid to allegedly restore them.

Symptoms: The ransomware will blackmail the victims to pay them a decryption fee. Sensitive user data may be encrypted by the ransomware code.

Cyber criminal contact: @spacedatax on Telegram (and [email protected] when a computer is infected with another variant.)

Extension used: .pandemic

Ransom demanding message: PROTECT_INFO.TXT 

Distribution methods: spam email attachments, bundles of free software programs, corrupted websites, harmful links and many other tricks.

Removal: Use Spyhunter to remove Pandemic ransomware completely from the system. Once malware gets removed, recover your files using backup or other data recovery software.

Methods for ransomware distribution:

There are various methods used by developers to infiltrate Pandemic ransomware into the system. One of the popular ones is to send emails that contain malicious attachment along with it. If executed or opened, such files install ransomware or other high risk malware. Also, it is common that their emails contain some suspicious links that are designed to download malicious file. Another way to get the PC infected with ransomware type programs are bundled free programs, porn or torrent sites, harmful links, file sharing through unsafe network and many more.

Should victim trust on cyber criminal?

As you know, victims cannot decrypt their files without paying ransom money. A developer behind this doesn’t have any intention to unlock your files, it is only aimed to trick innocent users and extort money from them. So, users are highly advised to remove Pandemic ransomware totally from the system using automatic malware removal tool and then try to restore your files using the backup file or other data recovery software. Before going through removal process you must know that removal of ransomware may not restore already compromised files but prevent it from further encryptions or infections.

Remove Pandemic ransomware

In order to remove Pandemic ransomware infection from the system, two removal processes have been described below namely manual and automatic. As you know, manual process is hectic and time-consuming. It also requires advanced technical skills to perform malware removal process. So we suggest you to use a strong anti-malware removal tool such as Spyhunter that can remove Pandemic ransomware completely and safely from the machine to avoid it from further infections.

Text presented in Pandemic ransomware’s pop-up window:

########################################################
############## YOUR FILES WERE ENCRYPTED  ##############
########## AND MARKED BY EXTENSION .pandemic ###########
########################################################

YOUR FILES ARE SAFE! ONLY MODIFIED :: ChaCha + AES
WE STRONGLY RECOMMEND you NOT to use any “Decryption Tools”.
These tools can damage your data, making recover IMPOSSIBLE.
Also we recommend you not to contact data recovery companies.
They will just contact us, buy the key and sell it to you at a higher price.
If you want to decrypt your files, you have to get RSA private key.

To get RSA private key you have to contact us via the link below, located in the TOR private network.
Using this link you can get all the necessary support and make payment.
You just have to download and install the TOR browser (google it) via official site
>> hxxp://dj55huaqbbsnhwngb5rgeq65ns3nteyon7wlp32gkamzs3k2ogrdr5qd.onion <<

If you have any problems with TOR browser, contact us via Telegram (google it):
@spacedatax – it our telegram contact
and send us your id: >> – <<

HOW to understand that we are NOT scammers?
You can ask SUPPORT for the TEST-decryption for ONE file!

After the successful payment and decrypting your files, we will give
you FULL instructions HOW to IMPROVE your security system.
We ready to answer all your questions!

Do You Suspect Your Computer May Be Infected with ‘Pandemic ransomware’ & Other Threats? Scan Your Computer for Threats with SpyHunter

Spyhunter is a powerful malware remediation and protection tool designed to help provide users with in-depth system security analysis, detection and removal of a wide range of threats like Pandemic ransomware as well as a one-on-one tech support service.

For more information, read SpyHunter’s EULA, Threat Assessment Criteria, and Privacy Policy. The scanner you download here is free version and is able to scan your system for possible threat’s presence. however, it requires a 48 hour period to remove detected threats without any charge. if you want not to wait for that period, you will have to purchase its licensed version.

(Data Recovery Solution)

The first recommendation is to recover your encrypted data with backup files you have created. In case there is no backup available, try to restore your encrypted data with data recovery tool suggested here.

Recommended methods for Pandemic ransomware removal and restore encrypted files

Pandemic ransomware is very harmful crypto-malware designed to encrypt all types of files including photos, audios, videos, documents and other files, and make them inaccessible. After encryption process, it spreads the ransom note in each folder of your computer that claims the decryption is possible only when you use its data recovery service. We recommended you to please avoid paying demanded ransom money to them.

In that case, you need to remove Pandemic ransomware and all the related components from PCs immediately and then perform data recovery process. Here, we are discussing about both malware removal and data recovery method that could help you to solve your problem. Ransomware removal method will help to find the location of this nasty crypto-malware in your computer and remove them completely while data recovery method will help you to get back your damaged or locked files in your machine. Let’s go for the solution.

Remove Pandemic ransomware using “Safe Mode with Networking”

  • Restart your PCs and press “F8” function key multiple times you see the “Advance Boot Options” window
  • Select “Safe Mode with Networking” in the list
  • Now, log in to account with Pandemic ransomware infection
  • Open your internet browser and download the legitimate anti-malware software. You can download “SpyHunter” anti-malware software that has the ability to delete all types of malware or spyware from machine.
  • Update the anti-malware software and starts the “Full Scan” operation to remove all programs related to Pandemic ransomware from machine.

Remove Pandemic ransomware using “Safe Mode with Command Prompt” and “System Restore”

  • Restart your computer and press “F8” function key multiple times until “Windows Advance Options” menu appears

  • Select “Safe Mode with Command Prompt” option in the list

  • Now, type “cd restore” command in command Prompt and hit “Enter” key to execute it

  • After that, type “rstrui.exe” command in command line and hit “Enter” key
  • Once “rstrui.exe” command executed, “System Restore” window will appear
  • Click on “Next” button

  • Choose one of available “Restore Points” and click on “Next”

  • In the confirmation dialog box, click on “Yes” to start “System Restore” process

  • After restoring your computer to previous date, download/install and scan your computer with powerful anti-malware software to eliminate any remaining malicious programs related of Pandemic ransomware. You can download the powerful antivirus software via “download link” below

Download Spyhunter Anti-Malware Tool

Restore files encrypted by Pandemic ransomware using “Windows Previous Versions” feature

To restore individual files encrypted by Pandemic ransomware, follow the steps below:

  • To restore a file, right-click on it and go to “Properties”
  • Select the “Previous Versions” tab
  • If the relevant files has a “Restore Point”, select it and click on “Restore” button

Note: This method is only effective if “System Restore” function was enabled on your Windows operating System. On other hand, some ransomware variants like Pandemic ransomware are known to remove “Shadow Volume Copies” of the files. So, we can say that this method may not work for data recovery.

Restore files locked by Pandemic ransomware using “Shadow Explorer”

To restore files, you can use “Shadow Explorer” application. This application allows you to browse the “Shadow Copies” created by Windows OS Shadow Copy Service. “Shadow Explorer” helps if you are unable of access the “Shadow Copies” by default especially in “Windows Home Editions”. Note that “Shadow Copies” can directly be accessed only in Business Ultimate and Enterprise versions.

“Shadow Explorer” provides Volume Shadow copy service and other features including retrieve all the variants of files and folders available, allow to access through shadow copies and show available current copies.

Important Note: This data recovery application is designed to decrypt or recover your files from Shadow copies which is created by “Windows Volume Shadow Copies Service”. But when we talk about Pandemic ransomware or other harmful ransomware variants, it usually deletes “Shadow volume copies” and any other backup files using malicious tricks. So if System has already been infected with this type of ransomware virus, then you can’t access “Shadow Copies” using this software. Anyway, you can use “Shadow Explorer” if you want and please check if it works.

How to download/install and use “Shadow Explorer” on Windows PCs?

  • Click on “Download” button below to download the “Shadow Explorer” application

Download Shadow Explorer

  • Double-click on “Installer file” or “Downloaded ZIP file” to install this software
  • Once installed, open “Shadow Explorer” as Administrator

  • Now, from the drop down list you can select from one of the available point-in-time Shadow copies

  • You can right-click on any file or folder and export it
  • After that, choose a folder where the files from “Shadow Copies” are saved to

  • In case if a file or folder in the destination folder already exists, “Shadow Explorer” asks for the confirmation before overwriting. Check the box “Do not show this dialog again”, if you don’t want to show this again.
  • There is a button in the settings (File, Settings) to reset this decision

Recovery of files encrypted by Pandemic ransomware or similar ransomware

If you are unable to recover your lost files by using “System Restore”, “Windows Previous versions features” and “Shadow Explorer”, then you can go for another data recovery solution. As said earlier in most of the cases, ransomware variants like Pandemic ransomware are capable of deleting “Shadow volume copies” created by Windows OS by default. In this case, you can use “Stellar Data Recovery Software”. This powerful data recovery software is designed to recover all files encrypted by Pandemic ransomware.

“Stellar Data Recovery Software” is user-friendly software for Windows and Mac OS X based devices that features include RAID and Virtual drive recovery and repairing all types of corrupted files. It works with both non-bootable and encrypted drives. In simple word, we can say that this powerful data recover software does great job.

This powerful recovery software takes less time to recover files locked by Pandemic ransomware and support all known files type and custom types can be added with advanced options menu. “Stellar Data Recovery Software” recovers emails, photos, audios, videos, documents and etc from any storage media devices like hard drives, SSD, DVD, USB drives, and others

On other hand, it recovers crucial data from missing or deleted partitions of hard drive volume in just few steps. It generates a preview of search results during scan so you get to see all the recoverable files before recovery. This preview result appears on screen in “Tree-View” and deleted list formats.

How to download/install and use “Stellar Data Recovery Software” on Windows PCs?

  • Click on “Download” button below to download “Stellar Data Recovery Software” in your computer

Download Stellar Data Recovery Software

  • Double-click on “Installer file” to install the application
  • Once installed, open “Stellar Data Recovery Software”
  • Select type of data you want to recover. Option: All Data, Office Documents, Folders, Emails, Audios and Videos. And then click on “Next”

  • Now, select he folder location, drive or volume you want to scan for data and click on “Scan”

  • Wait for the completion. Once done, select the files and click on “Recover” button to save your recover files

Related posts

Leave a Comment