Pponce.lorena@aol.com Ransomware

What is Pponce.lorena@aol.com Ransomware?

Anti-Spyware-101.com research team is warning Windows users about a new threat called Pponce.lorena@aol.com Ransomware that comes from the GlobeImposter Ransomware family. This version of the well-known infection adds the “.[ponce.lorena@aol.com]” extension to the files that are corrupted by it, and so if you have discovered corrupted files with this extension, we suggest that you read this report. Hopefully, you will be able to recover your files, but that is unlikely to happen if you choose to follow the lead of the cybercriminals who control this malware. Since this threat is part of a larger family of malware, a free decryptor already exists. We cannot guarantee that the GlobeImposter Decryptor will be able to restore all files corrupted by the threat, but this might be the best option you have. Alternatively, you might be able to use backups to replace the corrupted files, but all of this should be done after deleting Pponce.lorena@aol.com Ransomware. Do you want to learn more about the removal of this malware? Continue reading if you do.

How does Pponce.lorena@aol.com Ransomware work?

Pponce.lorena@aol.com Ransomware might be dropped onto your Windows operating system using unpatched security vulnerabilities, spam emails, unreliable downloaders, or by other infections. Several different methods could be employed to invade multiple operating systems, and it does not look like this malware was created to attack anyone specifically. Once inside the system, Pponce.lorena@aol.com Ransomware adds a registry entry to ensure that the threat can autostart with Windows. That way, even if you restart the computer, the infection should be able to encrypt files. The encryption is silent, and you are not supposed to notice it until all files are corrupted. Of course, it is all very quick too, and so stopping the threat in its tracks is unlikely to be possible. Once the threat is ready, it reveals itself with the help of a file named “HOW_RECOVER.html.” You should find multiple copies of this file everywhere, and whether you decide to delete the infection manually or using automatic removal software, you will want to get rid of every single one of this file.

The message dropped by Pponce.lorena@aol.com Ransomware informs that files are encrypted and also states that specific instructions must be followed if the victim wants to have the files decrypted. These instructions call you to send a unique ID and one file to ponce.lorena@aol.com and then pay an undisclosed sum of money in return for a decryption tool. The ransom note declares that the tool would be sent your way as soon as the ransom was paid. Can you trust cybercriminals? Obviously, you cannot, and we strongly doubt that they would bother helping you out once they get the money. On top of that, contacting the attackers via email is dangerous too because even if you choose not to pay the ransom, you could be sent intimidating messages and also exposed to new scams in the future. The ransom note declares that no one can decrypt the files, but, as we mentioned already, you might be able to use a free decryptor. If that does not work out, maybe you have copies of all corrupted files stored somewhere safe? You want to have all personal files backed up because there are many infections capable of corrupting files, and, unfortunately, free decryptors are very rare.

How to delete Pponce.lorena@aol.com Ransomware

You need to remove Pponce.lorena@aol.com Ransomware from your operating system first and foremost. Once you have this infection eliminated, you can try to decrypt files using a free decryptor or replace them using backup copies. If you reverse the order, you might have your files corrupted again, and your backups could be destroyed too. So, how can you delete Pponce.lorena@aol.com Ransomware from your operating system? If you are thinking about installing a legitimate anti-malware program, you have things covered. The program will automatically inspect the system and remove any threats that might be active. Furthermore, it will take care of Windows security, which you would have to take care of yourself if you decided to eliminate the infection manually. Hopefully, you know what to do now, but if you still have questions, do not hesitate to leave them in the comments section below.

Removal Guide

1. Launch Run (tap keys Win+R) and enter regedit into the box to launch Registry Editor.
2. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce.
3. Find the value named BrowserUpdateCheck, right-click it, and choose Delete.
4. Exit Registry Editor and then launch Windows Explorer (tap keys Win+E).
5. Enter %LOCALAPPDATA% into the quick access field at the top.
6. Right-click and Delete a malicious {unknown name}.exe file.
7. Exit Explorer and now Delete all copies of the file named HOW_RECOVER.html.
8. Empty Recycle Bin and then employ a legitimate malware scanner to check for threat leftovers. Download Removal Tool100% FREE spyware scan and
   tested removal of Pponce.lorena@aol.com Ransomware*