Pendor Ransomware Removal Guide

If you have found your all files with a new extension .pnr, this must be one of the first signs that Pendor Ransomware has successfully entered your computer. This ransomware infection acts like many other ransomware infections. That is, it enters computers without permission and then affects all important users’ files it manages to find stored on the system. Because of this, if Pendor Ransomware ever arrives on your computer, you could no longer open your pictures, documents, music files, videos, and much more. The only goal ransomware infections try to achieve is to convince users to spend their money on decryption software. We know that you badly need to decrypt your files, but we cannot allow you to purchase the decryptor from cyber criminals because the chances are high that you will be left without your files and your money. Yes, there are many cases when cyber criminals take users’ money, but do not give them anything in exchange, so do not become one of those unfortunate users – do not transfer your money to anyone. You are not allowed to keep Pendor Ransomware active on the system either because this infection creates a point of execution (PoE) on the affected machine, which allows it to start working on system startup.

You will soon realize that Pendor Ransomware is inside your system if it ever successfully enters your computer because all your files will immediately get a new extension, .pnr appended. In some cases, this infection drops a ransom note READ_THIS_FILE_1.txt after encrypting users’ files, but it is not a problem if you cannot find it anywhere because you can open it by double-clicking on any of the encrypted files. If you do so, a CMD window with the ransom note will appear on your screen. It explains why files cannot be opened and tells users that they can decrypt their personal data only with a special tool. The decryption tool is not free – it costs $50. Users need to send this amount of money in Bitcoin to the provided Bitcoin address. Then, they have to provide the personal ID and the Bitcoin address used to make a payment to cyber criminals. We cannot promise that you could decrypt your files without this tool, but, unfortunately, nobody knows whether you will really get it either, so it would be best to remove Pendor Ransomware and not to send a cent to its creators. When you fully remove this infection from your computer, you could go to restore your files from a backup. Unfortunately, there are no other ways to get files back for free, but, theoretically, a free decryption tool might be developed in the future, so do not rush to erase those encrypted files.

It is not easy to say how Pendor Ransomware has entered your system because, at the time of writing, it was not spread actively and we could not collect enough data to make final conclusions regarding the distribution methods used to spread it. Although not much is known about the distribution tactics, specialists at 411-spyware.com say that it should primarily travel via spam emails as an attachment. Have you recently opened an attachment too? If so, we are not surprised that your files have been encrypted. There are, of course, other ways to distribute ransomware infections too, so be very careful! You should, first, stop opening attachments from suspicious emails. Second, do not download software from dubious websites. Third, you should install a security application on your system so that it would be protected 24/7/365.

Unfortunately, you cannot decrypt your personal files by removing Pendor Ransomware from the system, but, of course, it does not mean that you should keep it active on your computer because it will continue working and might encrypt your all new files too. There is not much you need to do to erase this threat. It will be enough to remove all recently download files and two registry keys: HKCU\Software\Classes\.PNR and HKCU\Software\Classes\Pendor. If you can locate the .txt ransom note on your PC, delete it too. Below you will find our manual removal instructions – use them if you need some guidance, but it does not mean that it is the only way to delete this malicious application from the system – it can be deleted automatically as well.

Delete Pendor Ransomware

1. Press Win+R.
2. Enter regedit.exe in the command line and press Enter on your keyboard.
3. Go to HKCU\Software\Classes\.PNR.
4. If it has a (Default) Value with “Pendor” in the Value data, delete it.
5. Remove HKCU\Software\Classes\Pendor.
6. Close Registry Editor.
7. If you see READ_THIS_FILE_1.txt on your Desktop, remove it.
8. Go to %USERPROFILE%\Downloads and %USERPROFILE%\Desktop.
9. If you see any suspicious files there, delete them all.
10. Empty Recycle bin.