Fenrir Ransomware Removal Guide

Do you know what Fenrir Ransomware is?

Has your operating system been infected by Fenrir Ransomware? If that is the case, the chances are that you are the one who has executed the malicious launcher of this dangerous infection. According to our experienced malware research team, the launcher of this malware is spread as an attachment to spam emails, and the infection is executed as soon as the file is opened. Needless to say, the launcher is concealed; otherwise, no one in their right mind would open it or interact with it in any way. Unfortunately, this file could use the icon of an Adobe Reader file, and so it is not that surprising that users are tricked into opening it. That being said, you MUST be cautious with the messages you get in your inbox because some of them can be misleading and malicious. If you have been tricked into launching the ransomware already, the most important thing we have to discuss is its removal. Before you learn how to delete Fenrir Ransomware, please read this analytical report.

Without a doubt, Fenrir Ransomware targets those Windows operating systems that are not guarded reliably. If your PC is not protected, and you open the malicious launcher without suspecting a threat, it initiates malicious processes without your notice. First and foremost, the infection communicates with remote servers. It is difficult to say what exactly happens when the ransomware communicates with these servers, but it is most likely that it downloads an encryption key. In another situation, the threat might generate the key on the PC and then send it. It is also known that Fenrir Ransomware uses a remote connection to download a .png file with a random name to introduce users to an intimidating Desktop background image. Unfortunately, it is unlikely that the victim of this malware can recognize and stop it in time because it moves very fast and very quietly. In fact, most victims are likely to realize what has happened only after they discover that they cannot open their files and when scary ransom demands are introduced to them via images, text files, and windows.

The {random name}.png file used by Fenrir Ransomware replaces your regular Desktop wallpaper, but the main source of information is the “ALL YOUR FILES HAVE BEEN LOCKED” window that is launched from the main executable. Another ransom file is called “ransom.rtf”, and it should introduce you to the same demands. According to these demands, you can have your files decrypted only if you use the so-called “unlocker.” To obtain it, you are asked to pay a ransom of $150. If you choose to pay the ransom, you have to do it in Bitcoins to 19SVnn5cjTewmgzE5v9gVXn4mzxFQMT5Wo, and then you have to email whiterabbit01@mailinator.com to inform cyber criminals about the transaction. You are asked to send your unique ID number as well. Speaking of IDs, it was found that Fenrir Ransomware adds a unique HWID number to the names of the files that are encrypted.

The biggest question is whether or not you should pay the ransom. Ultimately, that is up to you, but it is our responsibility to remind you that you are dealing with cyber criminals who never keep their promises. Unfortunately, the percentage of users who get their files decrypted after they pay the ransom fees is close to nothing. So, do you want to waste your money? Are you okay with this risk? Whether or not you choose to take the risk, the removal of Fenrir Ransomware cannot be forgotten. You can use the manual removal guide below, but we strongly advise using anti-malware software. Not only because it will automatically clean your PC but also because it will guarantee the full-time protection you need.

Delete Fenrir Ransomware

  1. Identify the malicious launcher file.
  2. Right-click it and choose Delete.
  3. Find the ransom note file called ransom.rtf and repeat step 2.
  4. Find the {random name}.png file and repeat step 2.
  5. Launch Registry Editor (launch RUN by tapping Win+R and enter regedit.exe).
  6. In the pane on the left, move to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
  7. Delete the value called PID (note that its value data is random).
  8. Empty Recycle Bin and then perform a full system scan.
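
The registry and file checks from steps 3 to 7, as an added PowerShell example that is not part of the original guide: it only reports what it finds and deletes nothing. The search roots and the wallpaper lookup under HKCU:\Control Panel\Desktop are assumptions.

```powershell
# Added example: read-only check for the artifacts named in steps 3-7.
# Search roots and the report format are assumptions, not from the guide.
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$findings = New-Object System.Collections.Generic.List[object]

# Steps 6-7: autostart value named "PID". Its data is random per the guide,
# so report whatever it holds instead of matching on content.
$run      = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
$pidValue = if ($run) { $run.PSObject.Properties['PID'] }
if ($pidValue) {
    $findings.Add([pscustomobject]@{
        Artifact = 'Run value "PID"'
        Location = $runKey
        Detail   = [string]$pidValue.Value   # likely the launcher path (step 1)
    })
}

# Step 3: ransom note. Assumption: it sits somewhere under a user profile.
$roots = @($env:USERPROFILE, $env:PUBLIC) | Where-Object { $_ -and (Test-Path $_) }
$notes = Get-ChildItem -Path $roots -Filter 'ransom.rtf' -File -Recurse -Force `
             -ErrorAction SilentlyContinue
foreach ($note in $notes) {
    $findings.Add([pscustomobject]@{
        Artifact = 'Ransom note'
        Location = $note.FullName
        Detail   = "last written $($note.LastWriteTime)"
    })
}

# Step 4: assumption - the active wallpaper still points at the downloaded .png.
$desktop = Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' -ErrorAction SilentlyContinue
$wall    = if ($desktop) { $desktop.Wallpaper }
if ($wall -and $wall -like '*.png') {
    $findings.Add([pscustomobject]@{
        Artifact = 'Wallpaper image'
        Location = $wall
        Detail   = "exists on disk: $(Test-Path -LiteralPath $wall)"
    })
}

if ($findings.Count -eq 0) { 'No listed artifacts found for this user.' }
else { $findings | Format-List }
```

Run it in the affected user's session, because HKCU is per-user; a hit on the PID value also gives a candidate path for the launcher in step 1.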

In non-techie terms:

While Fenrir Ransomware cannot compromise your operating system, it is one of the most malicious infections out there because it can encrypt your personal files. If they are not backed up, it is most likely that these files are corrupted permanently. The ransom notes used by this infection suggest that you can get your files decrypted/unlocked by paying a ransom, but our research team warns you that promises made by cyber criminals should not be taken too seriously. Ultimately, we cannot tell you what you should do about your files, but we suggest making the decision fast because you need to remove Fenrir Ransomware as soon as possible.