Fenrir Ransomware

What is Fenrir Ransomware?

Whoever created Fenrir Ransomware must be into Norse mythology, seeing how they named their program after the monstrous Norse wolf. Perhaps they expected their program to be just as destructive as the mythical creature. Judging from the reports we get from distressed users, the program must have reached at least some of its intended victims.

Unfortunately, there is no public decryption tool that would allow us to restore the files encrypted by this infection, but you can remove Fenrir Ransomware by following the manual removal instructions we have compiled right below this description.

Where does Fenrir Ransomware come from?

This program spreads using the most common ransomware distribution methods. It means that it usually comes via spam email attachments. Users tend to download the malicious installers themselves because they do not realize that the files they download might turn out to be dangerous. Hence, when you receive an official email with an attached file, be sure to check whether you really were supposed to get that email. Not to mention that you can always scan the file before opening it. That is what the security programs are for.

Fenrir Ransomware was first spotted at the beginning of July 2017, and it is rather clear why it is able to infect so many computers. The installer file for this infection looks like an Adobe Reader file, so users launch the infection thinking they are simply opening a PDF file. And it is not just about Fenrir Ransomware. There are quite a few programs that disguise their installer files as something useful, and users are tricked into opening these files.

Once again, you should be able to avoid Fenrir Ransomware if you double-check the email messages and their attachments before opening them.

What does Fenrir Ransomware do?

However, if you do open the installer file, the program is launched and installed on your computer. The moment you run this program, it makes a DNS request, connecting to the 145.14.144.197 address, which is located in the Netherlands. Then it scans your computer for files it can encrypt, and once the encryption is complete, the program adds an additional extension to all the locked files. To build this extension, Fenrir Ransomware uses your own computer’s Hardware ID, so the extension differs from one computer to the other. The program leaves the original file name in place, but appends an additional extension that looks like an alphanumeric code.

Aside from encrypting your files, the program also changes your desktop’s background. Then, of course, it displays the ransom note that is meant to push you into paying for your files. The ransom note appears in a separate pop-up and not on your desktop. The message in the ransom note reads as follows:

ALL YOUR FILES HAVE BEEN LOCKED
(Q) HOW TO RECOVER MY FILES?
(A) Sending to me the amount of 150$ dollars in bitcoin for my bitcoin ID after the payment has been made send the transaction ID and your personal ID to my email and then i will send you the unlocker.

The ransom note does not present us with anything unusual, as it is worded in a way that is used for most of the ransom notes. Needless to say, you should not pay the money because there is no guarantee that the criminals who infected you would actually issue the decryption key. They might just collect your money and scram, looking for more innocent users to infect. In this case, you need to just focus on the ransomware removal.

How do I remove Fenrir Ransomware?

To get rid of this infection, you need to remove the recently downloaded files. Check the directories where you save downloaded files, and look for suspicious files that may look like PDF documents. You also need to delete a few files from your desktop and a Run key entry from your registry that would otherwise load the infection automatically.

Once Fenrir Ransomware is gone, you can delete the encrypted files, and then transfer healthy copies of your files back to your PC. You should be able to find most of your files saved either in a data backup or on your mobile device. Check out all the places where you might have been saving your files without realizing it!

Manual Fenrir Ransomware Removal

  1. Go to your Downloads folder.
  2. Delete the most recently downloaded files.
  3. Go to your Desktop.
  4. Remove the ransom.rtf file and press Win+R.
  5. Type regedit into the Open box and click OK.
  6. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  7. On the right side, right-click and delete the PID value.
  8. Exit Registry Editor and scan your PC.
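
The manual steps above as a PowerShell triage script (an added example, not part of the original guide). It reports the PID Run value, ransom.rtf and recent executables in Downloads, and deletes the first two only when run with -Remove; the 14-day window, the extension list and the name pattern are assumptions.

```powershell
# Added example: read-only triage for the artifacts named in the steps above.
# The look-back window, extension list and name pattern are assumptions.
param(
    [int]$Days = 14,     # how far back to look in Downloads (assumed)
    [switch]$Remove      # also delete the Run value and ransom.rtf
)

$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$note      = Join-Path ([Environment]::GetFolderPath('Desktop')) 'ransom.rtf'
$downloads = Join-Path $env:USERPROFILE 'Downloads'

# Steps 1-2: recent executables in Downloads; flag names that pose as PDFs.
$exeTypes = '.exe', '.scr', '.com', '.pif'
$cutoff   = (Get-Date).AddDays(-$Days)
$recent = Get-ChildItem -LiteralPath $downloads -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $cutoff -and
                   $exeTypes -contains $_.Extension.ToLower() } |
    Select-Object Name, LastWriteTime,
        @{ n = 'PdfLookalike'; e = { $_.Name -match 'pdf|adobe|reader' } },
        @{ n = 'SHA256'; e = { (Get-FileHash -LiteralPath $_.FullName).Hash } }

# Steps 3-4 and 6-7: the ransom note and the PID value under the Run key.
# The value's data is the command run at logon, so record it before deleting.
$runEntry = Get-ItemProperty -LiteralPath $runKey -Name 'PID' -ErrorAction SilentlyContinue
$pidData  = if ($runEntry) { $runEntry.PID } else { $null }

"Run value 'PID'      : " + $(if ($null -ne $pidData) { $pidData } else { '<not present>' })
"ransom.rtf on Desktop: " + (Test-Path -LiteralPath $note)
"Recent executables in Downloads (review and delete by hand):"
$recent | Format-Table -AutoSize

if ($Remove) {
    if ($null -ne $pidData) { Remove-ItemProperty -LiteralPath $runKey -Name 'PID' }
    if (Test-Path -LiteralPath $note) { Remove-Item -LiteralPath $note }
}
```

Downloaded files are listed with their SHA-256 hashes but never deleted by the script, so they can be checked with a scanner before removal.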