MindSystem Ransomware Removal Guide

Do you know what MindSystem Ransomware is?

Malware researchers detect new ransomware infections almost every day. MindSystem Ransomware is the latest infection they have discovered in the wild. It is very likely that it is not distributed actively yet and, instead, is used only for educational purposes, but its source code might one day end up in the hands of cyber criminals. If this ever happens and they start distributing this infection actively with the purpose of extracting money from those unfortunate users in mind, you might encounter this infection in no time. The version our specialists have analyzed does not demand money from users, and it even drops a file key.txt on Desktop containing the unique key for the decryption of files, but we can assure you that a new version updated by cyber criminals will no longer act like this. Instead, you will be asked to pay a ransom to get files decrypted. Never support malicious software developers by sending them your money because you will encourage them to continue developing malware by doing so. No matter what ransomware infection you encounter, it is always the best idea to delete it fully ASAP.

MindSystem Ransomware targets only one directory %USERPROFILE%\Downloads, but this might, of course, change soon with a new updated version of this infection. Files encrypted by this threat get a new extension .mind appended, so users soon realize that they have encountered the ransomware infection. When MindSystem Ransomware finishes encrypting files, it also displays a pop-up window “Hi, your computer have been locked by Legend-Modz” to inform victims about the encryption of files. Of course, the text of this pop-up might be changed in the new version of MindSystem Ransomware, but you should still see such a message on your screen. Next to encrypting files and opening a pop-up message, this infection downloads a file named file.jpg from the Internet and drops it on Desktop. It also drops key.txt containing the unique key that might be used for decrypting files there. If you have encountered the educational version of this infection, use this key to unlock your files.

Malware analysts say that MindSystem Ransomware is quite a sophisticated infection, so it will surely become a huge threat to users if it is ever taken over by cyber criminals and they start disseminating it. You will not only discover a number of encrypted files and a window opened on your screen when it successfully infiltrates your computer. It will not take long to realize that Task Manager, Registry Editor, CMD, and other functionalities of your Windows OS have been disabled too. You must restore them all yourself because you could not delete this infection from your computer unless you undo the changes it has made first.MindSystem Ransomware Removal GuideMindSystem Ransomware screenshot
Scroll down for full removal instructions

MindSystem Ransomware is not spread to steal money from users. At the time of writing, it was used for educational purposes, so there is not much to say about its distribution. Of course, everything might change soon. If cyber criminals ever start spreading it actively, it should be distributed via spam emails. Also, it might be placed on third-party pages, so owners of unprotected computers will risk infecting their systems with this ransomware infection by simply downloading software from the web. Do not let an updated version of this threat show up on your computer because you will not be given a key to decrypt your files for free. No malware could enter your system without your knowledge if you keep a reputable security application enabled, so install an antimalware tool as soon as possible.

You will first need to undo the changes made on your computer by MindSystem Ransomware so that you could delete it. We want to tell you in advance that your files will not be unlocked even if you delete this infection fully from your system. Despite the fact that your data will stay encrypted, you must remove this infection as soon as possible to protect the rest of the data and new files that will be created in the future.

How to remove MindSystem Ransomware

Launch Explorer

  1. Press Win+R.
  2. Type explorer.exe and press Enter.

Enable CMD and Registry Editor

  1. Type gpedit.msc and hit Enter.
  2. Go to User Configuration.
  3. Select Administrative Templates and go to System.
  4. Double-click Prevent access to the command prompt.
  5. Mark Not Configured or Disabled.
  6. Click OK.
  7. Double-click Prevent access to registry editing tools.
  8. Mark Disabled or Not Configured. Click OK.

Enable Task Manager

  1. Press Win+R.
  2. Type regedit.exe and click OK.
  3. Go to HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System.
  4. Locate the Value DisableTaskMgr, right-click it, and type 0 instead of 1 in the Value data field.
  5. Click OK.

Enable the Windows lock (Win+E) functionality

  1. Press Win+R.
  2. Type regedit.exe and click OK.
  3. Go to HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System.
  4. Find the DisableLockWorkstation Value there, right-click it, and type 0 in its Value data field.
  5. Click OK.

Add Shut Down to the Start menu

  1. Launch Run (Win+R), type regedit.exe, and click OK.
  2. Move to HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
  3. Locate the NoClose Value.
  4. Double-click it and then type 0 in its Value data. Click OK.

Enable log off

  1. Tap Win+R and type regedit.exe. Click OK.
  2. Open HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System.
  3. Double-click NoLogoff and type 0 in the Value data. Click OK.

Enable fast user switching

  1. Tap Win+R.
  2. Type regedit.exe. Click OK.
  3. Go to HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System.
  4. Find the HideFastUserSwitching Value.
  5. Right-click it and type 0 in the Value data field.
  6. Click OK.

Enable UAC

  1. Launch Run (Win+R), enter regedit.exe, and click OK.
  2. Move to HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System.
  3. Open EnableLUA.
  4. Change its Value data to 1.
  5. Click OK.

Enable Change Password

  1. Press Win+E.
  2. Type regedit.exe and click OK.
  3. Open HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System.
  4. Find two Values: DisableChangePassword and NoClose.
  5. Enter 0 to their Value data fields and save the changes.

Delete the ransomware infection

  1. Open Explorer (Win+E).
  2. Delete recently downloaded files from %USERPROFILE%\Desktop, %USERPROFILE%\Downloads, and %TEMP%.
  3. Delete key.txt and file.jpg from %USERPROFILE%\Desktop.
  4. Empty Recycle bin.

In non-techie terms:

Although MindSystem Ransomware has originally been released for educational purposes, it does not mean that it cannot be updated one day by cyber criminals. If they start using it as a tool to obtain money from users, you might encounter this infection too and find your files encrypted. Luckily, there is a way to prevent this from happening – install a security application on your computer to protect your system from the entrance of dangerous malicious applications.