Eliminating Ransom Prank Ransomware

Sep 7th 2017 - by Fix My PC FREE in: Blog Virus Removal | 0 Comment

ATTENTION, PLEASE!

Malware may reinstall itself multiple times if you don't delete its core files. This may require tracking down dozens of files in different locations.

We recommend downloading Restoro to eradicate Malware for you (it should cut down the time to about 15 minutes).

>> Download Restoro <<

What is Ransom Prank ransomware?

Ransom Prank ransomware is a malicious program that belongs to a small subdivision of ransomware Trojans that features long and self-explanatory name screen locker ransomware. Unlike common rasnomware, this one does not encrypt any files in your computer. This screen-locking ransomware was introduced to regular PC users with a massive wave of spam emails that was recorded in the last week of August 2017. This malware might be created by newbie hackers in the ransomware market who may be using it to test its distribution campaign and estimate their chances of executing a successful attack.

According to researchers, Ransom Prank is set to run as Ransom Prank.exe on the compromised computers and make modifications to the list of startup programs so that it can run on the next system reboot. So once you log into your computer, the Ransom Prank.exe is loaded into the memory and instead of your usual desktop, you will be presented with a lock screen. This malware is quite the same as the layout messages of the Roblocker X ransomware and the CTB-Faker. Ransom Prank also modifies the Registry and injects code into the legitimate system processes like the Windows Task Manager. This allows the threat to suppress the activation of clean apps, AV shields, and other security mechanisms. Some of these screen-locking malware can even temper with the keyboard mapping as well as disable parts of the keyboard entirely so that its victims will have a hard time from accessing their computer.

During its attack, Ransom Prank brings up a full-screen page that says “Your Computer is Locked!” and states the following message:

“Your Computer is Locked !

Your importing files are encrypted !

Many of your documents, photos, viedos, databases an other files are no longer accessible because they have been encrypted.

Maybe you are busy looking for a way to recover your files, but do not waster your time. Nobody can recover your files without our decrytionservice

Can I Recover My Files?

Sure. We garantee that you can recover all your flies safely and easily. But you have not so much time.

You have only 3 days to submit the payment. After that the price will be doubled.

Also if you don’t pay in 7 days, you won’t be able to recover your files forever.

We will have free events for users who are so poor that they couldn’t pay in 6 month.

How Do I Pay?

Payment is accepted in Bitcoin only. Go online for more information.

Please check the current price of Bitcoin an buy some bitcoins.

And send the correct amount to the address specified in this window.

Once the payment is checked, you can start decrypting your files by getting the DecrytionCode.

Send 0.5 Bitcoin to

[RANDOM CHARATCERS]”

Just so you know, the wallet address listed in the message is not registered online. According to cyber security experts, they aren’t sure what to make of the Ransom Prank ransomware but the thing is, they have found the unlock code for the screen which was embedded in the Ransom Prank.exe. So if you are shown with the lock screen, look for the empty box and key in 12345. This should deactivate the Ransom Prank Trojan. Antivirus programs support virus signatures for the Ransom Prank ransomware and use the detection names below in the security alerts:

  • Generic.Ransom.Hiddentear.A.085EBFF1
  • Mal/Generic-S
  • Ransom_SCRNLOCKER.G
  • TR/Hiddenrear.wqqyk
  • Trojan.Ransom.ScreenLocker
  • W32/GenBl.F5F5AFA1!Olympus
  • a variant of MSIL/Hoax.FakeFilecoder.BF
  • malicious_confidence_60% (W)
  • malware (ai score=89)

How does Ransom Prank spread its malicious infection?

Ransom Prank spreads its malicious executable infection using spam email attachments. These emails contain attachments that are disguised as a Microsoft Word document which is macro-enabled. And once you open it, the macro-enabled document will execute a command to connect to its Command and Control server to drop a malicious executable file in your computer which is Ransom Prank.exe. To prevent this from happening again, make sure that you stir clear of any suspicious emails right away.

Eliminate Ransom Prank ransomware by following the removal guide below.

Step 1: To unlock your screen and to access Desktop, look for the empty box and key in the code 12345.

Step 2: Open Windows Task Manager by pressing Ctrl + Shift + Esc at the same time.

Step 3: Go to the Processes tab and look for Ransom Prank.exe and any suspicious processes and then kill them.

Step 4: Open Control Panel by pressing the Windows key + R, then type in appwiz.cpl and then click OK or press Enter.

Step 5: Look for Ransom Prank Ransomware or any suspicious program and then Uninstall them.

Step 6: Hold down Windows + E keys simultaneously to open File Explorer.

Step 7: Go to the directories listed below or any other directories that you might have saved the malicious file related to the screen-locking virus.

  • %USERPROFILE%\Downloads
  • %USERPROFILE%\Desktop
  • %TEMP%

Step 8: Look for a malicious file named Ransom Prank.exe and other suspicious-looking files and delete them.

Step 9: Empty the Recycle Bin.

 

Follow the continued advanced steps below to ensure the removal of the Ransom Prank Ransomware:

Perform a full system scan using SpyRemover Pro.

  1. Turn on your computer. If it’s already on, you have to reboot
  2. After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.
  3. To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
  4. Windows will now load the Safe Mode with Networking.
  5. Press and hold both R key and Windows key.

  1. If done correctly, the Windows Run Box will show up.
  2. Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
    A single space must be in between explorer and http. Click OK.
  3. A dialog box will be displayed by Internet Explorer. Click Run to begin downloading SpyRemover Pro. Installation will start automatically once download is done.

  1. Click OK to launch SpyRemover Pro.
  2. Run SpyRemover Pro and perform a full system scan.

  1. After all the infections are identified, click REMOVE ALL.

  1. Register SpyRemover Pro to protect your computer from future threats.

 

No Comment

Leave a Reply

Name Required

Website