If you find out that Ordinal Ransomware has attacked you, it is quite certain that most of your files on your hard disk have been rendered unusable by way of military-grade encryption. This vicious program can encrypt hundreds of file extensions to cause the biggest possible devastation on your system. This is to extort a rather high ransom fee from you. In fact, this fee is so high that normally only bigger corporations would be targeted with such demands. Although our tests show that this .NET program is not yet a finished infection, it can certainly cause huge damage to you unless you are secured by a backup. Such malicious attacks prove that it is essential to have a backup at least in cloud storage or, even better, on a removable hard disk. We do not advise you to pay the ransom fee because you would be supporting cybercrime as such. Although it is all up to you, we strongly recommend that you remove Ordinal Ransomware from your system immediately. Please read on to learn more details about this dangerous malware infection so that you may be able to protect your PC in the future.
It is quite possible that you have opened a spam mail recently and you also viewed its file attachment. Unfortunately, this attachment is the malicious file that will activate this severe attack. Obviously, this file is not that conspicuous so that you could easily spot it as potentially harmful. This attachment may, for example, show up as an image, a document, or a .zip file. Most likely you would not open such a file just for no reason. Well, these cyber criminals will give you one. This whole spam is about convincing you that you must see this attachment starting from the sender name and e-mail address through the subject line, and finally, the body of the mail, too. This spam is built on a basic human trait: curiosity. A decade ago spam mails were very easy to spot and filter. However, nowadays spam filters are way too strict in their endeavor to protect you against malicious mails that they often make mistakes, too, and place legitimate e-mails in your spam folder. You must remember that even if you delete Ordinal Ransomware from your system, you cannot stop its destruction in time. In other words, you cannot recover your encrypted files by deleting Ordinal Ransomware.
This ransomware may still be under development, yet it is capable of striking hard. However, before this beast starts up its vicious parade, it searches for these strings in running processes: "wireshark," "dnspy," "ilspy," "fiddler," and "fiddler4"; if any of these processes is located, the ransomware crashes and you may not lose your files after all. Once this check is done, however, this ransomware program encrypts hundreds of file extensions with AES-256 and renders your files useless, including your photos, videos, audios, databases, archives, and third-party program files. These are the folders that this malicious threat targets on your system:
Your encrypted files get a ".Ordinal" extension. When all the missions are completed, this threat displays its ransom note screen that blocks your screen and you cannot minimize or close this window unless you kill the malicious process via Task Manager. This ransom note tells you that the only way for you to get your files back is for you to pay 1 BTC ($6,587 at the moment) to "1HMnuFLBUex2ykPMFtVs7cnP8aENbwyGjJ" Bitcoin wallet address, which seems to be empty for the time being. If you have made the transfer, you have to send an e-mail to "TEST@protonmail.com" with your ID that you can find in this ransom note window. You should receive the decryption program and key within 2 days. If you fail to pay within 7 days, your key will be deleted from the remote server. Since there is little chance that these cyber criminals will send you anything other than another malware infection, we do not recommend that you transfer this huge amount. We advise you to remove Ordinal Ransomware ASAP.
In order for you to be able to delete Ordinal Ransomware from your system, you need to end the malicious process first via Task Manager. Then, you can delete the Point of Execution (PoE) it creates in your Run registry entry. Finally, you can bin the malicious executable before restarting your machine. Please follow our instructions below if you feel skilled enough to tackle this dangerous threat yourself. Of course, it is always better and more efficient if you defend your system with a reliable anti-malware program like SpyHunter. And, this is what we suggest too if you would like to keep your computer secure in the future.
# | File Name | File Size (Bytes) | File Hash |
---|---|---|---|
1 | Ordinal ransomware.exe | 47104 bytes | MD5: 8bcffc24d7a50cdff0c52c46a7a124fa |
# | Process Name | Process Filename | Main module size |
---|---|---|---|
1 | Ordinal ransomware.exe | Ordinal ransomware.exe | 47104 bytes |