PornBlackmailer Ransomware Removal Guide

Do yo know what PornBlackmailer Ransomware is?

Ransomware infections differ in their complexity, which means that they not only encrypt files or lock the screen. The PornBlackmailer ransomware is a scareware threat spread by an adult websites named Xvideos, and once the malicious file is launched on the victim's computer, the infection displays it threatening warning aimed at making the victim pay up. The payment is said to stop the attackers from informing law enforcement institutions, such as FBI, Interpol, and some others, about the user's use of pornographic material. You should ignore the attempts to menace you and should also take immediate action to remove the PornBlackmailer ransomware from the computer.

The PornBlackmailer ransomware is a relatively new infection, launched in early January, 2018. The infection was reported on a forum as a threat that does not encrypt files but seek to extort money. The scare tactics used by this threat could easily deceive inexperienced computer users into following the instructions displayed, but we strongly advise you against following its instructions.

The PornBlackmailer threat has been found as two slightly different samples, both of which use the same blackmail warning but make some different configurations. Nevertheless, the threat should be removed as soon as possible.

On the computer, the PornBlackmailer ransomware changes the desktop background shortly after the malicious .scr file is launched. The nefarious background image displays the IP address and instructs the victim to find the file READ_ME.txt for more information about further actions. In total, nine READ_ME files are created on the desktop.PornBlackmailer Ransomware Removal GuidePornBlackmailer Ransomware screenshot
Scroll down for full removal instructions

According to the .txt file, the IP address, geographical location, browsing cookies, screenshots, and other information that could be reported to police is sent to a remote server so that it can be sent to law enforcement institutions if the money demanded is not paid before the deadline passes. Research on the samples of the infection has revealed that the data mentioned in the warning is created in a file named your_information.txt and not sent to any remote server. Additionally, the victim's location on the map is screenshoted and the file is named your_location.jpg. The two files are created in the directory C:\Users\user\Robin\server_logs by one of the variants, whereas the other variant creates files in the %Userprofile%\Cerber\server_log directory, which has nothing in common with the notorious ransomware dubbed Cerber. The malicious directory created by PornBlackmailer also stores four screenshots of the desktop which are made to catch the user in action of using forbidden content and then scare her into believing that the screenshots will be reported to the police.

The PornBlackmailer ransomware copies itself as temps.exe to the %APPDATA% directory, in which the image bg_robin.pjg used for the desktop background is also created.

The attackers set a deadline of 24 hours to pay a release fee of 0.01 Bitcoin, which has to be paid to a digital wallet that is supposedly created just for the victim. If the victim does not adhere to the terms provided, she will supposedly get at least a one-year sentence in jail. Instead of following the demands of the attackers, you should remove the PornBlackmailer ransomware and shield the system against malware, which you can easily do by implementing a reputable anti-malware program.

As regards ransomware, or scareware prevention, you should bear in mind that such money extortion software programs are spread via emails and by various websites, including adult-oriented websites containing prohibited content and software sharing websites. Being aware of malware distribution methods is essential so that you can critically assess every questionable situation involving your engagement with an unknown third party or its content offered to you. Therefore, do not trust questionable emails asking you to download attached files, and pop-up encouraging to scan the system because some malicious threats are said to be running on the PC. Moreover, keep the operating system and software updated, and do not ignore recommendations to use strong passwords wherever they are necessary so that no malware or hacker gets unauthorized access to your PC.

Now when you know that this extortionware is nothing but a well-thought-out plan to swindle your money out, install a powerful anti-malware program to have the PornBlackmailer threat removed. It is also possible to remove PornBlackmailer manually, which you can do using the removal guide given below, but you should bear in mind that even if you manually remove the scareware, the system remains unprotected against various online threats, some of which may dramatically affect the operating system or valuable files.

How to remove Blakcmailer Ransomware

  1. Delete all questionable recently downloaded files from the desktop and/or the Downloads folder.
  2. Access the directories %Userprofile%\Robin and %Userprofile%\Cerber to find and delete the folder server_logs.
  3. Remove the files temps.exe and bg_robin.jpg located in the %APPDATA% directory.
  4. Delete 9 copies of the file READ_ME.txt created on the desktop.

In non-techie terms:
PornBlackmailer is a money extortion-oriented infection that neither encrypts files, nor disables access to them. The PornBlackmailer threat seeks to scare victims into thinking that they will be reported to law enforcement because of the illegal use of prohibited pornopgrahic content. The money for not denouncing the user of the affected computer to police is requested in Bitcoin, which is a digital currency enabling cyber criminals to remain unidentified. It is highly advisable to ignore the request to pay up, because the infection does not actually store the supposedly gathered data on any remote server.