Pendor Ransomware

What is Pendor Ransomware?

Pendor Ransomware is a dangerous infection cyber criminals have developed recently with the intention of easily obtaining money from users. We would lie if we told you that it is one of those prevalent infections now, but we cannot know when its popularity increases, so we are writing about it today hoping that this information will help some users to prevent Pendor Ransomware from entering the system. It is a typical ransomware infection in a sense that it encrypts users’ files right after the successful entrance, but it differs from many other ransomware infections in a sense that it does not drop a ransom note after encrypting users’ personal files, but, instead, it opens a CMD window with the ransom note for users when they double-click on any of the locked files. If Pendor Ransomware has already entered your system successfully and you see a ransom note in front of your eyes, we suggest that you ignore it completely because sending money to cyber criminals is not what victims of ransomware infections should do. Specialists at anti-spyware-101.com say that victims should immediately go to erase the ransomware infection from their computers so that their other files would not be encrypted. More information about the Pendor Ransomware removal is provided in the last paragraph, so read the report till the end.

What does Pendor Ransomware do?

Pendor Ransomware is one of those malicious applications cyber criminals use for money extortion. This threat arrives on users’ computers illegally and starts working immediately. Because of this, it is impossible not to notice the entrance of this ransomware infection. You should first notice a new extension appended to your files. The original extensions of your personal data will not be removed, but, instead, .pnr will appear next to them, for example, picture.jpg will become picture.jpg.pnr. If you double-click on any of the files having a new extension, a CMD window will be opened on your screen. It contains the ransom note. The first sentence of the ransom note tells users that their files have been encrypted, whereas the second one informs them that the decryption of files is impossible “without our decryption service.” Users are offered to purchase the decryption key from cyber criminals for 50 USD. The money has to be sent in Bitcoins to the provided Bitcoin address belonging to cyber criminals. Once the payment is made, users need to send their personal IDs and Bitcoin addresses to the cyber criminals’ TOR decryption service indicated in the ransom note and/or email pendor111@tutanota.com. We hope that you are not planning on sending money to cyber criminals because you will encourage them to continue developing malware by making a payment. Also, you might not be able to decrypt your files even if you send money to them, so better keep your money to yourself.

Where does Pendor Ransomware come from?

Not much information about the distribution of Pendor Ransomware was available at the time of writing; however, specialists working at anti-spyware-101.com still have an opinion about the distribution of this ransomware infection. They believe that it should be primarily spread via spam emails. Ransomware infections are usually spread in spam emails as attachments or users might be presented with malicious links and initiate the download/installation of the ransomware infection by clicking on them. Most probably, it is not the only distribution method used to spread Pendor Ransomware. The chances are high that it has been placed on some kind of untrustworthy third-party page too, so be careful with what you download from the web. Actually, there is one effortless way to protect the system from ransomware infections and other harmful malicious applications – installing a powerful security application, so go to get such a tool today and install it on your PC if you do not think that you can ensure the system’s maximum protection alone.

How to delete Pendor Ransomware

What you will need to do to remove Pendor Ransomware fully from your computer is to delete all recently downloaded suspicious files and remove two registry keys representing it from the system registry. If you have never deleted such a sophisticated infection before, use our manual removal guide (find it below this article). You can also take care of this harmful threat quicker by scanning your system with an automated malware remover. You are not allowed to keep Pendor Ransomware active on your PC because it can start automatically with the Windows OS, meaning that it will work on your system 24/7.

Pendor Ransomware removal guide

1. Press Win+R.
2. Type regedit.exe and click OK.
3. Open HKCU\Software\Classes\.PNR.
4. If you see “Pendor” in the (Default) Value data, right-click this registry key and select Delete.
5. Delete the HKCU\Software\Classes\Pendor registry key.
6. Close Registry Editor.
7. Press Win+E to open Explorer.
8. Check %USERPROFILE%\Downloads and %USERPROFILE%\Desktop.
9. Delete all suspicious files you find there.
10. Empty Recycle bin. Download Removal Tool100% FREE spyware scan and
    tested removal of Pendor Ransomware*