Home / Spyware Help / Pennywise Ransomware Removal Guide

Pennywise Ransomware Removal Guide

by 0 Comments

Do you know what Pennywise Ransomware is?

If you have found your screen locked with a window containing a picture of a clown holding balloons, we are sure you have encountered Pennywise Ransomware, a new variant of Jigsaw Ransomware. Luckily, it is still in development, so you will not find any of your files encrypted if you encounter the same version of this ransomware infection. Ignore a timer in the top-right corner either because none of your files will be automatically deleted even though the clock is ticking down. Although this infection was not very harmful at the time of writing, it does not mean that it cannot be updated soon by its author. Therefore, we recommend that you delete this infection from your computer the second you discover it active on your system. If you do nothing about its presence and it gets updates one day, your files might become encrypted. We are sure you do not want this to happen, so we suggest that you do not postpone its removal. We will provide more information about this ransomware infection before we explain to you how to delete this threat. Continue reading!

Pennywise Ransomware was surely developed to obtain money from users; however, it has turned out after a thorough analysis that it does not do anything really bad. It has been programmed to encrypt .pdf, .7zip, .xlm, .aet, .aaf, .jpeg, .raw, .bmp, .cpp, .rb, .java, .jar, .class, .js, .wps, .xlt, .mpa, .wma, .avi, .mov, .mp4, and other files by appending the .beep extension, but, as you already know, it does not lock any files. Instead, it opens a window on Desktop. It locks the screen, i.e., users can no longer access their programs and files. Luckily, it is not that hard to close it – you just need to kill the process of the ransomware infection via Task Manager. Do not worry; 1000 files will not be deleted from your computer if you close the window even though the ransom note opened claims that “you will get 1000 files deleted as a punishment” if you turn off your computer or try to close the ransomware infection. It should be emphasized that its new version might be updated and become harsher. If your files have already been marked by the .beep extension, you should not purchase the decryption key because there are still no guarantees that you could unlock your files with it. It should be emphasized that the ransom note of the Pennywise Ransomware version our specialists have analyzed does not contain any information about the ransom and how to send it, which proves again that it is in development.Pennywise Ransomware Removal GuidePennywise Ransomware screenshot
Scroll down for full removal instructions

It is not very easy to tell us why you have encountered Pennywise Ransomware, but the chances are high that you have opened a malicious attachment from a spam email and thus allowed this ransomware infection to show up on your computer. Ransomware infections are often spread via spam emails, but it is known that users might also download them from corrupted third-party pages. In some cases, they might even be dropped on users’ computers by other threats. No matter how Pennywise Ransomware has entered your system, you must disable it as soon as possible because it might cause you more problems. We cannot promise that you will never encounter a new ransomware infection again after you delete Pennywise Ransomware. The only thing that can protect you from harmful infections is a powerful antimalware tool. Install it right after you erase ransomware from your computer.

You do not need to have much knowledge about computers and/or removal of malicious software because Pennywise Ransomware does not make important modifications on victims’ computers and, as a consequence, it is quite easy to delete it. Speaking specifically, you will need to kill the malicious process belonging to it to unlock your screen, i.e., remove the window opened by the ransomware infection from it. Then, you will need to find the malicious file on your computer and delete it. If you cannot find it anywhere, scan your computer with an automated malware remover. Unlock your screen first so that you could download it from the web.

Delete Pennywise Ransomware

  1. Tap Ctrl+Shift+Esc simultaneously.
  2. Open the Processes tab.
  3. Kill the process associated with Pennywise Ransomware (right-click it and select End process/End task).
  4. Close Task Manager and open Explorer (press Win+E).
  5. Check %USERPROFILE%\Downloads and %USERPROFILE%\Desktop and delete all suspicious files.
  6. Empty Recycle bin.

In non-techie terms:

Pennywise Ransomware is a malicious application developed by cyber criminals to obtain money from users. It seems that it is still in development because it does not perform any malicious activities except for placing the screen-locking window on Desktop. Of course, it does not mean that it cannot be updated soon, so you should not keep this ransomware infection on your computer even if it has not encrypted any of your files because it might perform this activity tomorrow.