Ponce.lorena@aol.com Ransomware Removal Guide

Ponce.lorena@aol.com Ransomware might not be the most dangerous infection out there, but it is still a malicious intruder, and it has to be taken seriously. All the more so that this program can and does encrypt your files once it enters your system. You will have to remove Ponce.lorena@aol.com Ransomware from your PC as soon as possible. While the manual removal is not complicated, it might be too bothersome, so you can also terminate the infection with an automated antispyware tool. On the other hand, it is a lot better to avoid the infection rather than deal with it.

How is it possible to avoid this ransomware program, though? Well, it happens to be another version of Globe Imposter Ransomware, so it probably spreads just like all the other programs from this group. As far as we know, ransomware usually spreads through spam email attachments, malicious downloads, and unsecured RDP connections. It also means that users download the malicious installer files themselves, but they are not aware of that. They think that the file could be some important document, and they end up opening that file. How can you check the legitimacy of downloaded files? You can scan them with a security tool of your choice!

Also, please avoid downloading programs from third-party sources because they might be full of potentially harmful installers. Although security experts always emphasize the importance of security tools, your system security also depends on your habits, and how aware you are of all the potential threats. In other words, you could avoid Ponce.lorena@aol.com Ransomware if you were more careful about the content you encounter online.

Now, if Ponce.lorena@aol.com Ransomware managed to enter your system, do not succumb to panic. If you panic, you will only make this job easier for cybercriminals. The infection will clearly run a full PC scan to locate all the files it can encrypt. After the encryption, you will see that all the files have a new extension – “.[ponce.lorena@aol.com].” This shows that the email used by the criminals is used for the ransomware name. In fact, that is quite common that the extensions work as ransomware keywords because there are so many infections out there that sometimes it is hard to come with new names for them.

Either way, when the encryption is complete, it is clear that Ponce.lorena@aol.com Ransomware also displays a ransom note. The ransom note is dropped in every single folder that contains encrypted files, and it is found in the file HOW_RECOVER.html. Check out an extract from the ransom note:

Your files are encrypted!
To decrypt, follow the instructions below.
<…>
Send 1 crypted test image or text file or document to ponce.lorena@aol.com
<…>
We will give you the decrypted file and assign the price for decryption all files
MOST IMPORTANT!!!
Do not contact other services that promise to decrypt your files, this is fraud on their part!

Although it is hard to tell how much these criminals would ask for the decryption, it is very likely that they would ask a lot, and then just scram with the money. Do not engage in a useless banter with these criminals. Simply remove Ponce.lorena@aol.com Ransomware with a legitimate security tool, and then look at what you can do to restore your files. If you do not have a file back-up, you might still have some of your files saved on your other devices, so do not lose hope.

On the other hand, this infection is also a good lesson that you have to be always ready for the worst. So if you have a chance to back up your files, do it today.

How to Delete Ponce.lorena@aol.com Ransomware

1. Remove the most recently downloaded files.
2. Press Win+R and enter %LocalAppData%. Press OK.
3. Delete the ransomware EXE file.
4. Press Win+R again and enter regedit. Click OK.
5. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVErsion\RunOnce.
6. On the right, right-click and remove the BrowserUpdateCheck value.
7. Use SpyHunter to scan your computer.