What is Ender ransomware? And how does this ransomware implement its attack?
Ender ransomware is a new screen-locking malware that pretends to be a file-encrypting threat. In the course of its attack, it displays a Graphic User Interface (GUI) claiming that the files are encrypted – which is not true. Although the fake crypto-malware may seem to look like a typical screen locker, it actually has some unusual attributes. It invades the computer system using a malicious executable file named WindosApp1.exe. Once this file is opened, the Ender ransomware is installed in the computer.
As of now, this ransomware has a low detection rate and some antivirus tools already identify it as W32.Trojan.Gen and Suspicious_GEN.F4V1008. This explains how cyber criminals attempt to wrap the malicious program in what supposedly is a valid digital certificate. And as it turns out, this ransomware also has another malicious executable file named EnderRansom v.0.1.exe which suggests the real origin of the malware.
“[the Ender Ransomware|WINDOW NAME]
Your PC was locked by Ender!
the Ender Ransomware appeared!
Your PC was locked!
You have luck… i am encrypted your PC Access, but i don’t stealed your PC!
But if you leave it alone… your PC will be encrypted forever!
How to get the decryption key?
[Yeah, how?|BUTTON]
You have VALID encryption key? Type in here please:
[TEXT BOX] [Submit|BUTTON]”
Once again, there is no need for you to panic as your files are safe from this malware. And it seems that the developers of this malware is/are a fan of the Ender’s game in 1985 science fiction novel Ender’s game as he named the ransomware after the main character. Luckily, the ransomware is not elaborate like the novel. So there is no need for you to pay for the ransom. The only thing you’ve got to do is to get rid of Ender ransomware immediately.
How does Ender ransomware spread its malicious files?
According to researchers, it is possible that Ender ransomware spreads its malicious files using the most common way in distributing ransomware infections – malicious spam emails. Cyber criminals often conceal the malicious file by using double extensions and using some file icons from Microsoft Office which makes it hard to decipher which is why you should check the email first as well as the sender before you download any attachment. It is also recommended that you always keep your system and antivirus program up-to-date to increase your resistance against ransomware infections like Ender ransomware.
Eliminate screen-locking malware using the removal instructions below.
Step 1: Type in the code aRmLgk8wb0WK5q7 in the field to unlock your computer
Step 2: Pull up the Task Manager by tapping Ctrl + Shift + Esc keys on your keyboard.
Step 3: Go to the Processes tab and look for EnderRansom v.0.1.exe and WindosApp1.exe and then end each of their process.
Step 4: Exit the Task Manager and open Control Panel by pressing the Windows key + R, then type in appwiz.cpl and then click OK or press Enter.
Step 5: Look EnderRansom v.0.1.exe and then uninstall it.
Step 6: Close Control Panel and tap Win + E keys to open File Explorer.
Step 7: Navigate to the following locations.
- %TEMP%
- %APPDATA%
- %USERPROFILE%\Downloads
- %USERPROFILE%\Desktop
Step 8: Look for the Ender’s malicious files listed below and delete all of them.
- EnderRansom v.0.1.exe and
- exe.
The next step below is not recommended for you if you don’t know how to navigate the Registry Editor. Making registry changes can highly impact your computer. So it is highly advised to use PC Cleaner Pro instead to get rid of the entries that Ender ransomware created. So if you are not familiar with the Windows Registry skip to Step 12 onwards.
However, if you are well-versed in making registry adjustments, then you can proceed to step 9.
Step 9: Open the Registry Editor, to do so, tap Win + R and type in regedit and then press enter and then go to the following path:
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
Step 10: Look for a value named Shell which value data should point to C:\EnderRansom.exe.
Step 11: Right-click on the value name Shell and select Modify and instead of C:\EnderRansom.exe type explorer.exe and click OK.
Step 12: Close the Registry Editor and Empty the Recycle Bin.
Follow the continued advanced steps below to ensure the removal of the Ender ransomware and its malicious files.
Perform a full system scan using SpyRemover Pro. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot
- After that, the BIOSscreen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.
- To navigate the Advanced Optionuse the arrow keys and select Safe Mode with Networking then hit
- Windows will now load the SafeMode with Networking.
- Press and hold both R key and Windows key.
- If done correctly, the Windows Run Boxwill show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
A single space must be in between explorer and http. Click OK.
- A dialog box will be displayed by Internet Explorer. Click Run to begin downloading the program. Installation will start automatically once download is done.
- Click OK to launch it.
- Run SpyRemover Pro and perform a full system scan.
- After all the infections are identified, click REMOVE ALL.
Register the program to protect your computer from future threats.