Defender Ransomware is a malicious application that will cause serious problems if it ever manages to infiltrate your system. Like a typical ransomware infection, it starts locking files on the affected computer right away. Surprisingly, it does not demand money from users after locking their files. Of course, that does not mean it is not dangerous. It only suggests that it might still be in the development stage, or that it has been released just for fun. Do not be so sure that you cannot encounter it. If your system is unprotected, this infection might show up on it without your knowledge one day. Are you reading this report because you have already encountered this threat? If so, you must delete it from your system as soon as possible, whether or not it has locked your valuable files. It would be a lie if we told you that you could get rid of this infection very easily. It not only creates an entry in the Run registry key so that it starts together with the Windows OS, but it also copies itself to %TEMP%\Cache right after the user launches it. Then, it sets the “hidden” attribute on this folder so that its copy would not be found and deleted. Do not worry; that does not mean you cannot get rid of this nasty infection. Continue reading to find out more about its removal.
As mentioned at the beginning, Defender Ransomware does not demand money from users, but that does not mean it is not a dangerous threat. The first thing it does once users launch it is encrypt their personal files. It affects all files it finds in the %USERPROFILE%\Desktop, %USERPROFILE%\Documents, %USERPROFILE%\Videos, and %USERPROFILE%\Music directories. As can be seen, it targets the most valuable files; however, it does not want users’ money, which is very strange. You do not need to check every file you have to find out which of them have been affected by this ransomware infection. Defender Ransomware appends the .defender extension to all encrypted files, so you can easily distinguish them from files that are fine. This ransomware infection not only locks data on users’ computers, but it also downloads a ransom note from http://www109.zippyshare.com/d/36zkFIuX/24164/Defender_Ransomware.txt and places this .txt file in all affected directories. You can open it, but do not expect to find any information about the decryption of files there. If you ever encounter an updated Defender Ransomware version that demands money after locking files, you should not send money to cyber crooks. We know that you need your files back badly, but you need to understand that you might still not be able to unlock them after transferring money to crooks. It is quite common for ransomware developers to take users’ money and give nothing in exchange. By sending money to crooks, users also encourage them to continue developing new infections.
It is hard to say when and how Defender Ransomware entered your system because it is a newly discovered infection, and, because of this, it is still hard to draw any conclusions about its distribution. According to researchers at 411-spyware.com, this ransomware infection should not differ much from similar threats that belong to the ransomware category. That is, specialists believe that it, too, is spread mainly via email attachments. This must be only one of several distribution tactics. Security specialists say that users should also be very careful with software they download from the Internet because they might install serious malware on their computers themselves. Some malicious applications are more sophisticated than others, so we cannot promise that you could easily prevent them all from entering your system. This is the reason we recommend having security software enabled on your computer too.
You can remove Defender Ransomware manually by following our instructions, but, unfortunately, you will not unlock any of your encrypted files by doing that. Since it is impossible to purchase the decryptor and free decryption software does not exist, it might be impossible to crack the AES encryption and unlock files. You can only restore them from a backup after you fully erase the ransomware infection.
Windows XP
Windows 7/Vista/8/8.1/10

| # | File Name | File Size (Bytes) | File Hash |
|---|---|---|---|
| 1 | MpCmdRun.exe.exe | 20480 bytes | MD5: 5dcc449d51c864eeb657c54679eb9d20 |

| # | Process Name | Process Filename | Main module size |
|---|---|---|---|
| 1 | MpCmdRun.exe.exe | MpCmdRun.exe.exe | 20480 bytes |
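
The traces described in this report (the .defender extension in the four profile folders, the hidden %TEMP%\Cache copy, and a Run key entry) can be inventoried before cleanup and restore with a short script. This is an added example, not part of the original report; it assumes the Run entry sits under HKEY_CURRENT_USER and points into %TEMP%\Cache, which the report does not state.

```python
import os
import sys
from pathlib import Path

# Folder names and extension are the ones named in the report.
TARGET_DIRS = ("Desktop", "Documents", "Videos", "Music")
LOCKED_EXT = ".defender"
FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows file-attribute bit

def find_locked_files(profile):
    """Return every *.defender file under the four targeted profile folders."""
    hits = []
    for name in TARGET_DIRS:
        root = Path(profile) / name
        if root.is_dir():
            hits += [p for p in root.rglob("*")
                     if p.is_file() and p.suffix.lower() == LOCKED_EXT]
    return sorted(hits)

def find_cache_copy(temp_dir):
    """Return (executables in <temp>/Cache, True if the folder is hidden)."""
    cache = Path(temp_dir) / "Cache"
    if not cache.is_dir():
        return [], False
    # st_file_attributes exists only on Windows; elsewhere report not hidden.
    attrs = getattr(cache.stat(), "st_file_attributes", 0)
    return sorted(cache.glob("*.exe")), bool(attrs & FILE_ATTRIBUTE_HIDDEN)

def run_entries_pointing_to(folder):
    """List Run values whose command references folder (assumption: HKCU)."""
    if sys.platform != "win32":
        return []
    import winreg
    found = []
    path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, value, _ = winreg.EnumValue(key, i)
            command = winreg.ExpandEnvironmentStrings(str(value))
            if str(folder).lower() in command.lower():
                found.append((name, command))
    return found

if __name__ == "__main__":
    profile, temp = os.environ["USERPROFILE"], os.environ["TEMP"]
    print("locked files:", *find_locked_files(profile), sep="\n  ")
    print("cache copy (files, hidden):", find_cache_copy(temp))
    print("run entries:", run_entries_pointing_to(Path(temp) / "Cache"))
```

The list of locked files doubles as the list of items to restore from backup once the Run entry and the Cache copy have been removed.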