Payment Ransomware Removal Guide

Do you know what Payment Ransomware is?

Payment Ransomware is a new malicious application our malware researchers first spotted at the beginning of December 2017. Even though users are told that their files have been encrypted, our specialists did not find a single encrypted file during the analysis, which suggests that it might still be in development. Of course, it might also be a new tactic to persuade users into paying money. Although Payment Ransomware opens a window once it has entered the system, the window can be closed quite easily, so you can check your personal files yourself. It should be enough to press Alt + F4 simultaneously to close it. Closing the window does not mean that the ransomware infection is gone. You will still need to erase it from your computer so that it cannot encrypt your new files in the future. Luckily, it is quite a simple malicious application compared to other serious threats designed for money extortion, so you should be able to remove it from the system manually. If you have never erased a malicious application from your computer, you should first read what we have to say about it and then follow the manual removal guide prepared by specialists (you can find it below this article).

Judging from the language (Spanish) used by Payment Ransomware, its prime targets are Spanish-speaking users. Of course, it does not mean that other users cannot encounter this threat too. It is impossible not to notice the entrance of this ransomware-type infection because it opens a window on victims’ Desktops right after it enters the system. The window will not allow you to access your programs and files, but, as mentioned in the first paragraph of this article, you only need to press two keys (Alt+F4) simultaneously to close it. This window contains a message. It tells users that their files (documents, images, videos, etc.) have been encrypted. Also, they are told that they need a decryption code to get those files back. This code can be purchased from cyber criminals. Do not send Bitcoins to crooks because you can close the window opened on your Desktop yourself and, on top of that, the chances are high that none of your files have been locked. Actually, we do not recommend sending money to crooks even if you really have found some of your files locked, because cyber criminals do not always give users what they pay for, in this case the decryption tool. Your money will not be returned to you either, and you will not be able to do anything to get it back.

The infection rate of Payment Ransomware is considerably low. That is, it has not affected many computers yet. As a consequence, it is hard to draw conclusions about the methods used to spread it. Not much is known about its distribution, but, according to our researchers, it should be spread via spam emails like other ransomware infections. Users usually allow malware to enter their computers by opening attachments from these emails or clicking on malicious links they find inside them. Also, this infection might show up on your computer if you use RDP and its credentials are unsafe. Last but not least, you might download malicious software from the web yourself. Of course, you will find out about the entrance of the ransomware infection only after you notice a window opened on your Desktop. We have to admit that it is not always an easy task to prevent malware from entering the system. That is why we recommend that all our readers also enable security software on their computers.

You can delete Payment Ransomware right now, but, unfortunately, you cannot unlock your files by simply deleting the ransomware infection if they have all been encrypted (which is not very likely). This threat is not sophisticated malware, so you can delete it fully by closing its window and removing all recently downloaded suspicious files from the main directories (they are all listed in the manual removal guide you can find below). If you cannot find any potentially dangerous files on your computer, scan your system with an automated malware remover, which you can get from the Internet.

Remove Payment Ransomware

  1. Press Alt+F4 on your keyboard to close the window opened by Payment Ransomware.
  2. Open Explorer (Win+E).
  3. Check all directories listed below and delete all suspicious files from them:
     • %USERPROFILE%\Desktop
     • %USERPROFILE%\Downloads
     • %TEMP%
     • %APPDATA%
  4. Empty Trash.
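
The directory check in step 3 can be narrowed down with a read-only PowerShell listing of recently created executable and script files in the four locations above, together with their signature status and SHA-256 hash. This is an added example, not part of the original guide; the 14-day window, the extension list and the recursion depth are assumptions, and the script deletes nothing.

```powershell
# Added example: read-only triage of the four directories named in the removal steps.
# Assumptions (not from the guide): the 14-day window, the extension list, depth 2.
param(
    [int]$Days = 14
)

$directories = @(
    (Join-Path $env:USERPROFILE 'Desktop'),
    (Join-Path $env:USERPROFILE 'Downloads'),
    $env:TEMP,
    $env:APPDATA
)
$extensions = '.exe', '.scr', '.com', '.bat', '.cmd', '.js', '.vbs', '.ps1', '.dll'
$cutoff = (Get-Date).AddDays(-$Days)

$findings = foreach ($dir in $directories) {
    # Skip locations that do not exist for this profile.
    if (-not (Test-Path -LiteralPath $dir)) { continue }

    Get-ChildItem -LiteralPath $dir -File -Recurse -Depth 2 -Force -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension.ToLower() -and $_.CreationTime -ge $cutoff } |
        ForEach-Object {
            # Signature status helps separate vendor installers from unsigned droppers.
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Created   = $_.CreationTime
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                SHA256    = $hash.Hash
                Path      = $_.FullName
            }
        }
}

# Newest files first; review unsigned entries before deleting anything by hand.
$findings | Sort-Object Created -Descending | Format-List
```

The SHA-256 value of a file you do not recognise can be looked up with your security software vendor before you delete the file.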

In non-techie terms:

Payment Ransomware does not encrypt files on compromised machines right now, but it might be updated one day and start working as a typical ransomware infection. If you encounter the updated version in the future, it will cause you trouble because it will mercilessly lock all your personal files. It is not very likely that it will be possible to unlock them if you have never backed up your files. Specialists recommend backing up valuable data periodically so that encrypted files can be replaced with their copies if file-corrupting malware does get onto the system.