Pidom ransomware is a malicious software that secretly penetrates the personal computer and encrypts documents, photos and music that stored on PC disks. While encrypting, it renames all encrypted personal files so that they have the .pidom file extension.
Files encrypted by .pidom ransomware
Once installed, the Pidom crypto malware begins searching for attached drives and even networked disks containing documents, videos, images, archives, music, web application-related files and database. It can be used to encrypt almost all types of files, including common as:
.pkpass, .itdb, .wps, .wpe, .rgss3a, .wpd, .ai, .docx, .2bp, .odm, .png, .hkx, .indd, .wcf, .bc6, .xlsm, .menu, .vfs0, .3ds, .cas, .psd, .wpw, .map, .dng, .lbf, .fos, .mp4, .m2, .kdb, .xll, .wpl, .dcr, .flv, .kf, .y, .m4a, .wire, .forge, .lvl, .jpe, .p7b, .xlk, .zabw, .rw2, .vcf, .tax, .rwl, .doc, .yml, .wp6, .ff, .xx, .iwd, .wbm, .erf, .w3x, .pak, .wn, .x3d, .py, .pfx, .mrwref, .3dm, .css, .sidd, .sidn, .eps, .xlsm, .xar, .pst, .ltx, .mddata, .arw, .rtf, .fsh, .wpd, .7z, .das, .cfr, .cr2, .wmf, .re4, .z, .pptm, .arch00, .layout, .syncdb, .xml, .ibank, .t12, .zip, .xxx, .1st, .upk, .x3f, .x3f, .webdoc, .wp, .dazip, .xbdoc, .itm, .wpg, .dmp, .qic, .p12, .wpb, .odc, .mcmeta, .xy3, .ppt, .iwi, .bik, .3fr, .bkf, .xlsb, .sie, .dwg, .pef, .webp, .dxg, .wpt, .jpeg, .vpp_pc, .wgz, .zi, .d3dbsp, .zdc, .rofl, .wb2, .sis, .xpm, .raw, .rb, .kdc, .gho, .wbz, .mlx, .bkp, wallet, .zip, .sb, .wdp, .bc7, .slm, .wp4, .ysp, .p7c, .pdf, .csv, .crw, .lrf, .z3d, .crt, .wmo, .rim, .sid, .ods, .der, .ptx, .bsa, .r3d, .xyp, .wotreplay, .xlsx, .wp5, .wsh, .wma, .svg, .xlgc, .wbc, .zdb, .wot, .xdl, .hkdb, .sr2, .sum, .wsd, .ws, .ztmp, .ntl, .wm, .itl, .pdd, .x, .wri, .apk, .icxs, .tor, .wmv, .qdf, .wmd, .srf, .txt, .wbd, .js, .mef, .dba, .sav, .xls, .wmv, .snx, .ybk, .esm, .asset, .ncf, .odp, .orf, .mdbackup, .xbplate, .mdf, .blob, .zif, .db0, .sql, .nrw, .fpk
Upon successful encryption, it appends the .pidom extension to the file name of its encrypted file. The ransomware also creates a text file called ‘_readme.txt’ in each folder. This file is a ransom instructions. The ransom instructions asks for money in the form of bitcoins. The content of the ransom demanding message is below:
Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-7AKxZTQTdy Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
Threat Summary
| Name | Pidom |
| Type | Ransomware, Filecoder, Crypto virus, File locker |
| Encrypted files extension | .pidom |
| Ransom note | _readme.txt |
| Contact | stoneland@firemail.cc, @datarestore (telegram) |
| Ransom amount | $490, $980 in Bitcoins |
| Symptoms |
|
| Removal | To remove Pidom ransomware use the removal guide |
| Decryption | To decrypt Pidom ransomware use the steps |
Use the step-by-step guide below to remove ransomware and restore (decrypt) encrypted files for free.
Quick links
- How to remove Pidom ransomware virus
- How to decrypt .pidom files
- Use STOPDecrypter to decrypt .pidom files
- How to restore .pidom files
- How to protect your computer from Pidom crypto virus?
- To sum up
How to remove Pidom ransomware virus
Cyber threat analysts have built efficient malware removal tools to aid users in deleting Ransomware, trojans and worms. Below we will share with you the best malicious software removal tools with the ability to detect and remove Pidom ransomware and other malware.
How to remove .Pidom ransomware with Zemana Anti-malware
We suggest using the Zemana Anti-malware. You may download and install Zemana Anti-malware to detect and remove Pidom ransomware virus from your computer. When installed and updated, the malicious software remover will automatically scan and detect all threats present on the PC system.
Now you can setup and run Zemana Anti-Malware to remove Pidom virus from your browser by following the steps below:
Visit the following page to download Zemana installer named Zemana.AntiMalware.Setup on your computer. Save it on your MS Windows desktop.
159456 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
Launch the install package after it has been downloaded successfully and then follow the prompts to install this tool on your computer.
During install you can change certain settings, but we suggest you don’t make any changes to default settings.
When setup is finished, this malware removal utility will automatically launch and update itself. You will see its main window as shown on the image below.
Now press the “Scan” button . Zemana AntiMalware utility will start scanning the whole personal computer to find out the Pidom crypto virus related files, folders and registry keys. Depending on your machine, the scan may take anywhere from a few minutes to close to an hour. While the tool is scanning, you can see how many objects and files has already scanned.
When Zemana Anti-Malware (ZAM) has completed scanning, you can check all items found on your PC system. Make sure all threats have ‘checkmark’ and click “Next” button.
The Zemana Anti Malware will remove Pidom ransomware, other malware, worms and trojans and add threats to the Quarantine. After the clean-up is complete, you may be prompted to reboot your personal computer to make the change take effect.
How to remove .Pidom file virus with MalwareBytes AntiMalware (MBAM)
We recommend using the MalwareBytes Anti-Malware which are fully clean your personal computer of the ransomware. This free tool is an advanced malicious software removal program made by (c) Malwarebytes lab. This program uses the world’s most popular anti malware technology. It’s able to help you get rid of ransomware, potentially unwanted apps, malware, adware software, trojans, and other security threats from your computer for free.
- Download MalwareBytes from the following link.
Malwarebytes Anti-malware
317497 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
- Once downloading is finished, close all programs and windows on your computer. Open a file location. Double-click on the icon that’s named mb3-setup.
- Further, click Next button and follow the prompts.
- Once install is finished, click the “Scan Now” button to perform a system scan for the .Pidom file virus related files, folders and registry keys. A scan can take anywhere from 10 to 30 minutes, depending on the count of files on your computer and the speed of your computer. During the scan MalwareBytes will detect threats present on your machine.
- After the system scan is finished, you will be displayed the list of all found threats on your computer. Review the report and then press “Quarantine Selected”. Once finished, you may be prompted to reboot your personal computer.
The following video offers a steps on how to delete browser hijacker infections, adware and other malicious software with MalwareBytes Anti Malware (MBAM).
Use KVRT to remove Pidom crypto virus from the system
If MalwareBytes anti malware or Zemana anti-malware cannot remove this ransomware, then we advises to use the KVRT. KVRT is a free removal utility for crypto malware, adware, worms, spyware and trojans.
Download Kaspersky virus removal tool (KVRT) by clicking on the link below.
123790 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
When downloading is complete, double-click on the KVRT icon. Once initialization process is done, you will see the Kaspersky virus removal tool screen as on the image below.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next press Start scan button . KVRT tool will start scanning the whole system to find out the Pidom ransomware and other malicious software. Depending on your machine, the scan can take anywhere from a few minutes to close to an hour. While the KVRT is scanning, you can see how many objects it has identified either as being malware.
After the scanning is finished, Kaspersky virus removal tool will open a scan report as displayed on the image below.
Next, you need to click on Continue to begin a cleaning procedure.
How to decrypt .pidom files
The Pidom ransomware offers to make a payment in Bitcoins to get a key to decrypt documents, photos and music. Important to know, currently not possible to decrypt .pidom files without the private key and decrypt application.
Never pay the ransom! You might feel that you have no other choice but to pay up and decrypt .pidom files quickly. There is no guarantee that the authors of Pidom crypto malware will live up to the word and give back your personal files.
Files encrypted by .pidom ransomware
With some variants of the Pidom ransomware, it is possible to decrypt or restore encrypted files using free tools such as STOPDecrypter, ShadowExplorer and PhotoRec.
Use STOPDecrypter to decrypt .pidom files
Michael Gillespie (@) released a free decryption tool named STOPDecrypter (download from download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip).
STOPDecrypter
STOPDecrypter has been updated to include decryption support for the following .djvu* variants (.djvu, .djvuu, .udjvu, .djvuq, .djvur, .djvut, .pdff, .tro, .tfude, .tfudeq, .tfudet, .rumba, .adobe, .adobee, .blower, .promos, .dotmap. STOPDecrypter will work for any extension of the Djvu* variants including new extensions (.pidom).
Please check the twitter post for more info.
How to restore .pidom files
In some cases, you can recover files encrypted by Pidom ransomware. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted files.
Run ShadowExplorer to recover .pidom files
An alternative is to restore .pidom documents, photos and music from their Shadow Copies. The Shadow Volume Copies are copies of files and folders that Windows 10 (8, 7 and Vista) automatically saved as part of system protection. This feature is fantastic at rescuing files that were damaged by Pidom ransomware. The guide below will give you all the details.
Click the link below to download ShadowExplorer. Save it on your Microsoft Windows desktop or in any other place.
418813 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019
After downloading is finished, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder as shown below.
Start the ShadowExplorer tool and then select the disk (1) and the date (2) that you wish to recover the shadow copy of file(s) encrypted by the Pidom crypto malware as displayed on the screen below.
Now navigate to the file or folder that you want to restore. When ready right-click on it and click ‘Export’ button as displayed on the screen below.
Run PhotoRec to recover .pidom files
Before a file is encrypted, the Pidom ransomware virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your documents, photos and music using file recover apps like PhotoRec.
Download PhotoRec on your MS Windows Desktop by clicking on the following link.
Once downloading is done, open a directory in which you saved it. Right click to testdisk-7.0.win and select Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as shown in the figure below.
Double click on qphotorec_win to run PhotoRec for Microsoft Windows. It’ll open a screen as displayed in the figure below.
Choose a drive to recover as on the image below.
You will see a list of available partitions. Choose a partition that holds encrypted personal files as shown in the following example.
Click File Formats button and select file types to recover. You can to enable or disable the restore of certain file types. When this is complete, click OK button.
Next, click Browse button to select where recovered documents, photos and music should be written, then press Search.
Count of restored files is updated in real time. All recovered documents, photos and music are written in a folder that you have chosen on the previous step. You can to access the files even if the recovery process is not finished.
When the restore is done, click on Quit button. Next, open the directory where restored files are stored. You will see a contents as shown on the screen below.
All restored documents, photos and music are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re looking for a specific file, then you can to sort your restored files by extension and/or date/time.
How to protect your computer from Pidom crypto virus?
Most antivirus apps already have built-in protection system against the ransomware virus. Therefore, if your PC does not have an antivirus program, make sure you install it. As an extra protection, run the HitmanPro.Alert.
Use HitmanPro.Alert to protect your computer from Pidom ransomware virus
HitmanPro.Alert is a small security tool. It can check the system integrity and alerts you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.
HitmanPro Alert can be downloaded from the following link. Save it on your Microsoft Windows desktop.
When downloading is finished, open the directory in which you saved it. You will see an icon like below.
Double click the HitmanPro Alert desktop icon. After the tool is launched, you’ll be displayed a window where you can select a level of protection, as shown below.
Now click the Install button to activate the protection.
To sum up
Now your system should be free of the Pidom ransomware. Delete MalwareBytes AntiMalware and Kaspersky virus removal tool. We recommend that you keep Zemana AntiMalware (to periodically scan your machine for new malware). Moreover, to prevent ransomware virus, please stay clear of unknown and third party programs, make sure that your antivirus program, turn on the option to block or scan for ransomware.
If you need more help with Pidom ransomware related issues, go to here.
