Pytehole Ransomware

What is Pytehole Ransomware?

A new crypto-threat, Pytehole Ransomware, was released by cyber criminals recently. It was first detected on the 25th of April, 2017, so it is not distributed actively yet, but specialists still want users to know about the damage it might cause. We should start by saying that this malicious application arrives on computers illegally and then, after its executable file pyte-hole.exe (it might have a different name) is launched, starts encrypting users’ files. It does not encrypt all files it finds stored on the system; %WINDIR% files (Windows OS files) are left untouched, so the affected computer can work normally. Unfortunately, Pytehole Ransomware stays active on the system after performing the encryption process, so it might strike again, specialists say. Consequently, users who discover Pytehole Ransomware on their PCs and a bunch of encrypted files should hurry to remove this malicious application fully. Keeping malware installed is always a bad idea because it might be performing activities in the background or even help other threats sneak onto the system unnoticed.

Where does Pytehole Ransomware come from?

Researchers have managed to find out how Pytehole Ransomware acts; however, they still find it hard to say how this infection is distributed, since it has not started an active distribution campaign yet. Of course, they still hold an opinion on this matter. Specialists believe that this infection might be spread using several different distribution methods. For instance, it might be dropped by a Trojan, it might be promoted as useful software on a page administered by cyber criminals, or it might be spread via spam email campaigns, just like hundreds of other ransomware infections. The latter distribution method seems to be used the most frequently. Several distribution strategies might be used to spread ransomware, but that does not mean this malicious software cannot be avoided. Our security specialists have only two pieces of advice for computer users reading this article: 1) never download and install programs from dubious P2P and torrent sites; 2) always have reputable security software enabled on your computer.

What does Pytehole Ransomware do?

If the executable file of Pytehole Ransomware is launched, this ransomware infection starts doing its main job – encrypting users’ personal data (e.g. images, documents, music, etc.). It should affect only those files it finds on the Desktop. Unlike some other crypto-threats, it deletes the original files and creates their encrypted versions with the .adr extension. The strange thing is that it does not leave any information about the decryption of files, i.e. it does not drop a ransom note. This suggests that it might not be working properly at the time of writing. Since users are not offered a decryptor to purchase, and Pytehole Ransomware uses the secure encryption algorithm ESA, it might be impossible to unlock those encrypted files. Of course, this does not mean that the ransomware infection responsible for the encryption can stay. Delete it and then recover your files from a backup – you can do that only if you periodically back up your files.

Pytehole Ransomware stays active on the computer after encrypting users’ files, as you should already know if you have read the previous paragraphs. Therefore, its deletion is a must. Actually, that is not the only reason this threat has to be eliminated. Researchers have revealed that it communicates with its C&C server, which means that it uses your Internet connection. It will stop doing this only if you remove it from your computer, so take care of it as soon as possible.

How to remove Pytehole Ransomware

Pytehole Ransomware is not an ordinary program, so do not expect to erase it easily. If you decide to remove it manually, you will have to eliminate its point of execution and all suspicious files from your PC. The same can be done automatically, but you will need to acquire a reputable scanner first. Specialists recommend investing in an automatic malware remover because it is considerably easier to remove ransomware automatically, and you will be sure that no components of this malicious application stay on your computer. Do not forget that files encrypted by Pytehole Ransomware will not be unlocked no matter which removal method is employed.

Pytehole Ransomware manual removal guide

  1. Open the Registry Editor (tap Win+R, enter regedit.exe, and click OK).
  2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce.
  3. Delete the adr value (locate it, right-click on it, and select Delete).
  4. Remove the malicious recently opened file, e.g. pyte-hole.exe.
  5. Empty the Recycle Bin.
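The steps above can be checked from a PowerShell prompt before anything is deleted. The script below is an added example, not part of the original guide or of any vendor tool: it inspects the RunOnce key named in step 2 for the adr value (step 3) or any command referencing pyte-hole.exe (step 4), hashes the referenced executable if it still exists, previews the registry removal with -WhatIf, and counts .adr files on the Desktop. The value name and file name come from the article; since the article notes the executable may be renamed, the file-name match is only a heuristic.

```powershell
# Added example (not from the original article). Run as the affected user.
$runOnce = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$desktop = [Environment]::GetFolderPath('Desktop')

function Find-PyteholeRunOnce {
    # Returns RunOnce values matching the indicators the guide describes
    if (-not (Test-Path $runOnce)) { return @() }
    $item = Get-ItemProperty -Path $runOnce
    $hits = @()
    foreach ($p in $item.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
        $cmd = [string]$p.Value
        if ($p.Name -eq 'adr' -or $cmd -match 'pyte-hole\.exe') {
            $hits += [pscustomobject]@{ ValueName = $p.Name; Command = $cmd }
        }
    }
    return $hits
}

function Find-AdrFiles {
    # Encrypted files carry the .adr extension; the article says only Desktop files are hit
    Get-ChildItem -Path $desktop -Filter '*.adr' -File -Recurse -ErrorAction SilentlyContinue
}

$hits = @(Find-PyteholeRunOnce)
foreach ($h in $hits) {
    Write-Host "RunOnce value '$($h.ValueName)' -> $($h.Command)"
    # Take the first token of the command line as the executable path and check it
    $path = ($h.Command.Trim('"') -replace '"\s.*$', '')
    if (Test-Path $path) {
        $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        Write-Host "  executable still present: $path (SHA256 $hash)"
    }
    # Preview only; drop -WhatIf once the entry has been confirmed as malicious
    Remove-ItemProperty -Path $runOnce -Name $h.ValueName -WhatIf
}
if ($hits.Count -eq 0) { Write-Host 'No RunOnce value matching the Pytehole indicators found.' }

$encrypted = @(Find-AdrFiles)
Write-Host ("{0} .adr file(s) found under the Desktop" -f $encrypted.Count)
```

Record the hash before deleting the executable so the sample can be submitted to your security vendor; the .adr count tells you what has to come back from backup.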