When the PadCrypt ransomware was first discovered, the existing Command & Control servers for the ransomware were quickly shut down. As no new versions were released, it was assumed that the developer had given up on his project. Unfortunately, it appears that PadCrypt is still alive and kicking, as I discovered a new sample of the downloader last night that utilizes a new C2 server at jodielane100.com. You can see the communication between a victim and the new server below.
It also appears that the developer is using the live chat to initiate conversation with the victims rather than the other way around. The malware developer has been sending messages to the victims explaining to them that if they do not pay, the ransom price will increase. Unfortunately, when chat messages are sent to the victim, they are not sent again, and I was unable to get a screenshot of the chat window.
The hashes for the new sample are: