Pendor Ransomware Removal Guide

Do you know what Pendor Ransomware is?

Pendor Ransomware is a new malicious application that our cyber security experts have recently tested. They found that it was configured to encrypt your personal files and then demand you pay a ransom to get your files back. However, you should refrain from paying the ransom and remove it entirely because you cannot trust cyber criminals to give you the decryption program/key to decrypt your files once you have paid. In this short article, we will discuss how this ransomware works, how it might be distributed, and how you can get rid of it. So, if your PC has been infected with Pendor Ransomware, please continue reading.

Pendor Ransomware was designed to encrypt your files. Researchers say that it should work by generating a unique encryption key and decryption key. The encryption key is used to encrypt your files. In order to decrypt your files, you have to buy the decryption key that only the cybercriminals have. They demand that you pay 50 USD worth of Bitcoin. 50 dollars does not seem like much for important files, but if this ransomware has encrypted files that are not so important, you should not risk losing your money because the criminals might not give you the decryption key after you pay.

If your PC becomes infected with Pendor Ransomware, it will start encrypting your files immediately. It was configured to encrypt many file types, including pictures, videos, audio files, documents, executables, file archives, and so on. It tries to encrypt as many files as possible in an effort to hit something valuable and compel you to pay the ransom. It appends a custom “.pnr” extension to the end of each encrypted file's name. Once the encryption is complete, opening an encrypted file launches a CMD-style window with a ransom note. Also, depending on the version of the ransomware (there are two), a text file version of the ransom note called READ_THIS_FILE_1.TXT or instruction.txt will be dropped on your PC.

The note states that you have to pay 50 USD in Bitcoin, sent to 1KBLAXQJQida4NM4AMkZNc6h42ddASLpaj or 1CbeSErGmje6C4om8VNt4ZLJkUP4op9hGQ, and also send a personal ID number and your Bitcoin address to either pendor@tuta.io or pendor111@tutanota.com. However, you should not attempt to pay the ransom or contact the cybercriminals because you might not get the promised decryption key.

Now let us discuss how this ransomware is distributed. While there is no concrete information on it, we suspect that this ransomware might be distributed using email spam. Its creators might send this ransomware in fake emails. The emails can look legitimate, but they are not. They can be disguised as invoices, receipts, and so on. The main executable file should be included in the email. The attached file can be made to look like a PDF document and infect your PC when you open it. If you download it or run it, then the executable can be dropped in either the Downloads or %TEMP% folder. If you cannot find the executable, then try getting an anti-malware program to detect and delete it for you.

In closing, Pendor Ransomware is a highly dangerous piece of malware that can infect your PC secretly and encrypt many of your files. Once it does that, it will demand money, but you might not want to pay. If you do not want to finance the cybercriminals’ next project, please remove this ransomware using the guide below or an anti-malware program such as SpyHunter that will make light work of this infection.

Pendor Ransomware Removal Guide

  1. Press Windows+E keys.
  2. In the File Explorer’s address box, type the file paths presented below and hit Enter.
    • %USERPROFILE%\Desktop
    • %USERPROFILE%\Downloads
    • %TEMP%
  3. Locate the executable, right-click it and click Delete.
  4. Close the File Explorer.
  5. Empty the Recycle Bin.
  6. Hold down Windows+R keys.
  7. Type regedit in the box and hit Enter.
  8. Go to HKCU\Software\Classes\.PNR
  9. Right-click the key and click Delete.
  10. Then, go to HKCU\Software\Classes\Pendor and delete it as well.
  11. Close the Registry Editor.
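
The checks behind the steps above can also be scripted. The following PowerShell is an added example, not part of the original guide or of any vendor tool: it lists recently created executables in the three folders, finds ".pnr" files and the two ransom note names under the user profile, and reports the two registry keys. The 14-day window and the -RemoveKeys switch are assumptions of this example; the guide does not name the executable, so candidates are only listed for manual review.

```powershell
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]$Days = 14,      # assumption: look-back window for dropped executables
    [switch]$RemoveKeys   # assumption: opt-in deletion of the keys from steps 8-10
)

# Values taken from the guide: folders (step 2), registry keys (steps 8 and 10),
# ransom note names and the ".pnr" extension.
$folders = "$env:USERPROFILE\Desktop", "$env:USERPROFILE\Downloads", $env:TEMP
$keys    = 'HKCU:\Software\Classes\.PNR', 'HKCU:\Software\Classes\Pendor'
$notes   = 'READ_THIS_FILE_1.TXT', 'instruction.txt'
$cutoff  = (Get-Date).AddDays(-$Days)

# The guide does not name the executable, so list recent .exe files with their
# signature status and hash for manual review instead of deleting anything.
$candidates = foreach ($folder in $folders) {
    Get-ChildItem -LiteralPath $folder -Filter *.exe -File -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $cutoff } |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Encrypted files and ransom notes under the user profile (listed only).
$hits = Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.pnr' -or $notes -contains $_.Name }

Write-Host "Recent executables to review: $(@($candidates).Count)"
$candidates | Format-List | Out-Host
Write-Host "Files with .pnr extension or ransom note names: $(@($hits).Count)"
$hits | Select-Object FullName, LastWriteTime | Format-Table -AutoSize | Out-Host

# Registry keys from steps 8 and 10: report, and delete only when asked to.
foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { Write-Host "Absent:  $key"; continue }
    Write-Host "Present: $key"
    if ($RemoveKeys -and $PSCmdlet.ShouldProcess($key, 'Remove registry key')) {
        Remove-Item -LiteralPath $key -Recurse
    }
}
```

Run it without switches first to get the report; adding -RemoveKeys -WhatIf previews the registry deletion without changing anything.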

In non-techie terms:

Pendor Ransomware is just another ransomware-type infection that can infect your PC by stealth and encrypt your files. You should refrain from paying the ransom because the creators of this ransomware might not send you the decryption key. Therefore, we suggest that you remove this program using an anti-malware program or the guide provided above.