Threat Database Ransomware Pendor Ransomware

Pendor Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 10,308
Threat Level: 100 % (High)
Infected Computers: 440
First Seen: September 6, 2017
Last Seen: September 16, 2023
OS(es) Affected: Windows

PC security researchers uncovered the Pendor Ransomware recently. The Pendor Ransomware carries out a typical encryption ransomware attack and demands the payment of 50 USD as a ransom. The Pendor Ransomware marks the files encrypted by its attack so that the file's name will have the file extension '.pnr' added to it. The Pendor Ransomware attack encrypts the victims' files in a way that they cannot be accessed or read. The Pendor Ransomware delivers its ransom note in the form of a text file named 'READ_THIS_FILE_1.TXT' dropped on the infected computer's desktop. The Pendor Ransomware ransom note claims that the victim must pay a large ransom to recover the affected files. Victims are asked to contact the con artists at the email address and provide a particular ID that is included in the ransom note. A couple of other email addresses that have been linked to the Pendor Ransomware attack include and

The Pendor Ransomware Uses Unsafe Websites to Enter a Computer

Ransomware Trojans can spread in a variety of ways. PC security researchers strongly suspect that the Pendor Ransomware is being delivered to victims through the use of corrupted email attachments. The con artists will send out spam email messages with compromised attachments that deliver the Pendor Ransomware to the victim when they are opened. PC security researchers strongly advise computer users to take steps to handle spam email messages safely to prevent these attacks. The Pendor Ransomware can spread through attack websites, which include exploiting unsafe links. Typical websites used to deliver threats like the Pendor Ransomware include websites with pornographic content, file sharing websites and online casinos. Avoid accessing on any advertisements or links on these websites and be aware that it is common to be redirected to unsafe websites when viewing this content.

How the Pendor Ransomware Infection Works

The Pendor Ransomware was first observed in September 2017. The Pendor Ransomware uses a strong encryption algorithm to make the victims' file inaccessible. Every time the Pendor Ransomware encrypts one of the victim's files with these strong encryption methods, the Pendor Ransomware will add the file extension '.pnr' to the end of each affected file's name. The Pendor Ransomware targets a wide variety of file types, encrypting the user-generated files and avoiding Windows native files. The files targeted in the Pendor Ransomware attack include images, spreadsheets, video, photos, audio, eBooks, texts, and a variety of file types associated with commonly used software. The Pendor Ransomware's ransom note, contained in the text file 'READ_THIS_FILE_1.TXT,' demands the payment of 50 USD be paid using Bitcoins. Like many other encryption ransomware Trojans, the Pendor Ransomware's ransom note includes detailed instructions on how to purchase Bitcoin and carry out the payments using this online currency. Bitcoin tends to be the preferred payment method in these attacks because it allows the con artists to receive payments anonymously.

Dealing with a Pendor Ransomware Infection

Computer users need to refrain from paying the Pendor Ransomware ransom. The people responsible for the Pendor Ransomware attack are unlikely to keep their promise to deliver a decryption key after the payment. Even if they deliver it, paying these ransoms allows them to continue creating and distributing threats like the Pendor Ransomware. Furthermore, once the computer users demonstrate a willingness to pay the ransom, it is likely that they will be targeted for future ransomware attacks. Instead, PC security researchers advise computer users to take preventive steps. The best shield against these attacks is to have a reliable backup system on an external device or the cloud. Having backups means that the con artists can no longer demand a ransom payment since the victim can simply restore the encrypted files from the backup rather than having to rely on their' generosity and trust that they will keep their word to restore the affected files.

SpyHunter Detects & Remove Pendor Ransomware

Registry Details

Pendor Ransomware may create the following registry entry or registry entries:


Most Viewed