Mpal Ransomware Removal Guide

Mpal Ransomware is a recently created file-encrypting threat that is based on the so-called Stop Ransomware. It encrypts files that are not related with the infected device’s operating system or other software and shows a ransom note just like other threats from the Stop Ransomware family. If you want to know what happens if this malicious application appears on a system in more detail, we invite you to read our full report. At the end of it, we offer deletion instructions that show how users could erase Mpal Ransomware manually. If you do not think you can handle such a task, we recommend leaving it to a reliable antimalware tool of your choice. Also, if you have any questions about this file-encrypting threat, feel free to leave us a message in the comments area.

If you wonder how a malicious application like Mpal Ransomware could appear on your system, you should know that there a few ways. For instance, the malware’s developers could distribute it through malicious email or other types of messages. Thus, we always recommend being cautious with messages that carry links or files that you are not expecting to receive. The malicious application’s launcher could also be distributed through various file-sharing web pages, which is why it is advisable not to download data from such websites. If you ever wish to open a file that comes from untrustworthy sources, we recommend scanning it with a reliable security tool first. If it is a link, you should scrutinize it to see where it might lead you to. Remember that both malicious links and files might be made to look harmless from first sight, so it is important to pay attention to details.

If the file carrying Mpal Ransomware is launched, the malware should create data that it may need to settle in and then start encrypting valuable files. For example, the threat could be after photographs, videos, various documents, etc. The malicious application should not only encrypt such data but also mark it with a second extension called .mpal, e.g., kittens.jpg.mpal. Therefore, victims of the malware should be able to tell which files are encrypted and, as a result, unreadable, by inspecting their full names. Besides encrypting your files, Mpal Ransomware should also display a ransom note on a text file called _readme.txt. The message it contains should say that you can restore all your files if you pay 980 US dollars. To convince you to pay, hackers might offer their decryption tools for a half of the price if you get in touch with them in 72 hours. Plus, they may offer to decrypt a single file free of charge.

What you should keep in mind is that no matter what cybercriminals say there are no guarantees that they will send the needed decryption tools. The only thing that they can prove is that they have such tools by decrypting a file for free. However, keep in mind that hackers may have the needed decryption means for a limited time only and that there is a chance they could scam you. Whether you decide to pay or not, we recommend deleting Mpal Ransomware because leaving it on your system could place your future data in danger. To remove it manually, you could use the instructions located at the end of this paragraph. Of course, an easier option to eliminate Mpal Ransomware is to get a reliable antimalware tool that could get rid of the malicious application for you.

Get rid of Mpal Ransomware

1. Click Ctrl+Alt+Delete.
2. Pick Task Manager and go to the Processes tab.
3. Check if there is a process belonging to the ransomware.
4. Select it and press the End Task button.
5. Close Task Manager.
6. Press Win+E.
7. Navigate to these directories:
   %USERPROFILE%\Desktop
   %USERPROFILE%\Downloads
   %TEMP%
8. Find the ransomware’s installer (suspicious recently downloaded file), right-click it, and select Delete.
9. Navigate to:
   %USERPROFILE%\Local Settings\Application Data
   %LOCALAPPDATA%
10. Locate folders with long titles that are made from random characters, for example, 9f8er774-29f4-287a-2n96-7y20uc4f8km1.
11. Right-click such folders and press Delete.
12. Find documents called _readme.txt, right-click them, and select Delete.
13. Go to: %WINDIR%\System32\Tasks
14. Locate a task belonging to the threat, e.g., Time Trigger Task.
15. Right-click the suspicious task and press Delete.
16. Exit File Explorer.
17. Press Win+R.
18. Type Regedit and click Enter.
19. Go to: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
20. Find a value name belonging to the malware, e.g., SysHelper, right-click it, and choose Delete to erase it.
21. Close Registry Editor.
22. Empty Recycle Bin.
23. Restart your computer.