Home / Spyware Help / Prnds Ransomware Removal Guide

Prnds Ransomware Removal Guide

by 0 Comments

Do you know what Prnds Ransomware is?

Prnds Ransomware seems to be a new variant of Crysis or Dharma Ransomware. Same as similar threats, the malware encrypts files with a secure cryptosystem and then displays a ransom note. According to the hacker’s message, victims need to contact them via email because it is the only way to decrypt their files. While there might be no other way to decrypt the threat’s encrypted data, there are also no guarantees that hackers will help victims even if they put up with all their demands. It is likely that victims could be asked to pay for decryption tools, which means you could lose your money in vain if hackers scam you. To learn more about the malicious application as well as the ransom note that it ought to display, we invite you to read our full report. To learn how to delete Prnds Ransomware, you could use the removal guide available below the main text.

Users who do not want to encounter Prnds Ransomware or threats alike should know that such malicious applications often travel with spam emails or other doubtful messages, files available on untrustworthy file-sharing websites, and so on. In other words, it would be unwise to open files or links from unknown senders or download data from unreliable websites if you want to avoid ransomware and many other infections that are distributed similarly. Additionally, we recommend getting a reputable antimalware tool that could guard your system against various malicious applications.Prnds Ransomware Removal GuidePrnds Ransomware screenshot
Scroll down for full removal instructions

Prnds Ransomware may encrypt various personal files that could be valuable to the victim, for example, photos, videos, documents, etc. The targeted files should not only become unusable but marked with a partly unique extension. To be more precise, the threat might add a second extension made from three parts at the end of each encrypted file. For instance, data on our test computer, received the following extension: .id-3C9E098B.[prndssdnrp@mail.fr].prnds. The first part that contains an ID number is the unique part of the malicious application’s extension as it ought to be unique to all victims. After encrypting and appending the described extension, Prnds Ransomware should create a text file called FILES ENCRYPTED.txt with a short message in which hackers ask to email them. A bigger message ought to appear on the infected computer’s screen. It should appear on a window called prndssdnrp@mail.fr.

Prnds Ransomware’s ransom note that appears on the computer’s screen should explain that only hackers behind the malware can decrypt files at the lowest price. To get more information on how to pay ransom and get the needed decryption tools, cybercriminals ask to be contacted via email. We do not recommend doing so if you do not want to risk being scammed and lose your money in vain. Especially, if you have backup copies and can replace all encrypted files. What we advise is deleting Prnds Ransomware because if you leave it on your system, you could put your future files at risk. Apparently, the malware might be able to relaunch itself. To prevent it from happening we recommend erasing the malware manually or with a reliable antimalware tool like SpyHunter that ought to identify the threat as Crysis Ransomware. If you want to try to delete it manually, you could use the removal guide available below.

Delete Prnds Ransomware

  1. Restart the computer in Safe Mode with Networking.
  2. Press Windows Key+E.
  3. Navigate to these paths:
    %USERPROFILE%\Desktop
    %USERPROFILE%\Downloads
    %TEMP%
  4. Find the malware’s launcher (suspicious recently downloaded file), right-click it and select Delete.
  5. Check these locations:
    %LOCALAPPDATA%
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
  6. Locate suspicious executable files that could belong to the ransomware, right-click them and press Delete.
  7. Go to:
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
    %WINDIR%\System32
    %APPDATA%
  8. Find files called Info.hta, right-click them and press Delete.
  9. Then find and delete files named info.txt.
  10. Close File Explorer.
  11. Press Windows Key+R.
  12. Type Regedit and click Enter.
  13. Navigate to these paths:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  14. Look for value names belonging to the malware, right-click them and press Delete.
  15. Close Registry Editor.
  16. Empty Recycle Bin.
  17. Restart your computer.

In non-techie terms:

Prnds Ransomware is a threat that encrypts various files and, as a result, makes victims’ data unusable. Usually, hackers develop such malicious tools to extort money from users who receive them. Such threats can travel via spam emails, unreliable file-sharing sites, or even enter a system by exploiting its vulnerabilities like unsecured RDP connections, so protecting devices against them is not an easy task. After receiving the threat victims should get a proposal saying that they can purchase decryption tools of they contact the threat’s developers. To those who might be considering this option we would like to say that there are no guarantees that cybercriminals will hold on to their end of the deal. Meaning, you could get scammed. If you decide not to deal with them, we advise concentrating on how to delete the malware. You can learn how to erase Prnds Ransomware manually from the removal guide available above or you could get a reputable antimalware too that can eliminate the malware.