PokemonGo Ransomware

What is PokemonGo Ransomware?

PokemonGo Ransomware has nothing to do with the popular game; it is a malicious program created to extort money from its victims. It targets the user’s private data, which it can encipher using the AES encryption algorithm. Unfortunately, the malware might not only encrypt your private data but also gain persistent access to the system. Thus, it is advisable to delete the infection as soon as possible. Luckily, our researchers tested the malicious application and learned how to erase it manually. Accordingly, we prepared a manual removal guide that is available below the text. However, if you want to fully understand how the ransomware works or how it is distributed, you should read the rest of the article.

Where does PokemonGo Ransomware come from?

Our researchers say that the malware is still in development, so we cannot know for certain how it will be distributed. Nonetheless, it is possible that the infection might be spread through malicious web pages. For example, users could visit a website that suggests they download the PokemonGo game for Windows. The installer’s shortcut should show a picture of Pikachu, and it could be titled PokemonGo.exe. There is also a chance that the malicious executable file might be spread through spam emails.

How does PokemonGo Ransomware work?

It was reported that after you launch the infected file, PokemonGo Ransomware could create a copy of itself in another directory. However, the sample our researchers at Anti-spyware-101.com tested did not behave that way. Instead, the malicious application created a backdoor administrator account that allows the malware’s developers to connect to the infected computer remotely. It hides that account from the logon screen by creating an entry for it under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList registry key. This entry is added silently, so the user might not notice it.

After the infection settles in, it starts encrypting all data on the computer that has the following extensions: .txt, .rtf, .doc, .pdf, .mht, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd, .htm, .gif, .png. Files that have been encrypted are easy to recognize, as they gain an additional extension, .locked. Afterward, PokemonGo Ransomware drops a ransom note written in Arabic on the Desktop. The note says that the user must contact the malware’s creators via the given email address. No doubt, you would then be asked to pay a ransom for decryption tools. Before you decide, consider the possibility that the malicious program’s developers might not send the decryptor. As mentioned earlier, the infection is still in development, and no one can guarantee that the decryptor will be sent to you or that it exists at all.

How to erase PokemonGo Ransomware?

If you want to try to eliminate PokemonGo Ransomware manually, you can follow the deletion instructions below the article. Nevertheless, since the infection’s creators might yet upgrade it or release a different version, we advise you to use a legitimate antimalware tool to remove the threat. A security tool can check your whole system and detect malicious data on it, so if PokemonGo Ransomware placed anything else on the computer, the tool could locate it. Moreover, we should also warn you that if any removable media devices were connected at the time the malware appeared, such devices could be infected as well, and it is important to check them with a security tool too.

Eliminate PokemonGo Ransomware

  1. Find the executable file with a Pikachu shortcut image, right-click it and select Delete.
  2. Press Windows Key+R, type regedit and click OK.
  3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
  4. Find a value named “Hack3r” with data 0, right-click it and select Delete.
  5. Restart the computer.
  6. Open Control Panel and go to User Accounts.
  7. Find the Hack3r account and remove it.
  8. Empty the Recycle bin.
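Before following the removal steps, it helps to confirm that the two artifacts described in this article are actually present. The following read-only triage script is an added example, not code from the original article or from the malware; it assumes it is run from an elevated PowerShell prompt on the affected machine, that the account name “Hack3r” and the .locked extension are as described above, and that user data lives under C:\Users (an assumed scan root).

```powershell
# Added example (not from the original article): report hidden logon accounts registered
# under Winlogon\SpecialAccounts\UserList and files carrying the ".locked" extension.
# Nothing is modified or deleted; the script only prints what it finds.
# Assumptions: run as an administrator; "Hack3r" and ".locked" come from the article;
# the scan root below is assumed.

$UserListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
$ScanRoot    = 'C:\Users'   # assumed location of the user data to check

function Get-HiddenLogonAccounts {
    # A DWORD value of 0 under UserList hides the named account from the logon screen
    # and from Control Panel, which is how a backdoor account stays out of sight.
    if (-not (Test-Path $UserListKey)) { return @() }
    $admins = @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue)
    $props  = Get-ItemProperty -Path $UserListKey
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and $_.Value -eq 0 } |
        ForEach-Object {
            $name = $_.Name
            [pscustomobject]@{
                Name               = $name
                HiddenFromLogon    = $true
                LocalAccountExists = [bool](Get-LocalUser -Name $name -ErrorAction SilentlyContinue)
                IsLocalAdmin       = [bool]($admins | Where-Object { $_.Name -like "*\$name" })
            }
        }
}

function Get-LockedFiles {
    param([string]$Root = $ScanRoot)
    # Encrypted files keep their original name and gain a trailing ".locked" extension.
    Get-ChildItem -Path $Root -Filter '*.locked' -Recurse -File -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime
}

$hidden = @(Get-HiddenLogonAccounts)
$locked = @(Get-LockedFiles)

"Hidden logon accounts found: $($hidden.Count)"
$hidden | Format-Table -AutoSize
"Files with the .locked extension under ${ScanRoot}: $($locked.Count)"
$locked | Select-Object -First 10 | Format-Table -AutoSize

if (($hidden.Name -contains 'Hack3r') -and ($locked.Count -gt 0)) {
    Write-Warning 'Both artifacts described in the article are present: disconnect the machine from the network and keep copies of the .locked files before cleaning up.'
}
```

Keep the .locked files until a decryptor is confirmed to exist; deleting them removes the only copy of your data.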
