Pendor Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Ranking: | 10,308 |
Threat Level: | 100 % (High) |
Infected Computers: | 440 |
First Seen: | September 6, 2017 |
Last Seen: | September 16, 2023 |
OS(es) Affected: | Windows |
PC security researchers uncovered the Pendor Ransomware recently. The Pendor Ransomware carries out a typical encryption ransomware attack and demands the payment of 50 USD as a ransom. The Pendor Ransomware marks the files encrypted by its attack so that the file's name will have the file extension '.pnr' added to it. The Pendor Ransomware attack encrypts the victims' files in a way that they cannot be accessed or read. The Pendor Ransomware delivers its ransom note in the form of a text file named 'READ_THIS_FILE_1.TXT' dropped on the infected computer's desktop. The Pendor Ransomware ransom note claims that the victim must pay a large ransom to recover the affected files. Victims are asked to contact the con artists at the email address pendor@tuta.io and provide a particular ID that is included in the ransom note. A couple of other email addresses that have been linked to the Pendor Ransomware attack include pendor@tuta.io and pendor_1@tutanota.com.
Table of Contents
The Pendor Ransomware Uses Unsafe Websites to Enter a Computer
Ransomware Trojans can spread in a variety of ways. PC security researchers strongly suspect that the Pendor Ransomware is being delivered to victims through the use of corrupted email attachments. The con artists will send out spam email messages with compromised attachments that deliver the Pendor Ransomware to the victim when they are opened. PC security researchers strongly advise computer users to take steps to handle spam email messages safely to prevent these attacks. The Pendor Ransomware can spread through attack websites, which include exploiting unsafe links. Typical websites used to deliver threats like the Pendor Ransomware include websites with pornographic content, file sharing websites and online casinos. Avoid accessing on any advertisements or links on these websites and be aware that it is common to be redirected to unsafe websites when viewing this content.
How the Pendor Ransomware Infection Works
The Pendor Ransomware was first observed in September 2017. The Pendor Ransomware uses a strong encryption algorithm to make the victims' file inaccessible. Every time the Pendor Ransomware encrypts one of the victim's files with these strong encryption methods, the Pendor Ransomware will add the file extension '.pnr' to the end of each affected file's name. The Pendor Ransomware targets a wide variety of file types, encrypting the user-generated files and avoiding Windows native files. The files targeted in the Pendor Ransomware attack include images, spreadsheets, video, photos, audio, eBooks, texts, and a variety of file types associated with commonly used software. The Pendor Ransomware's ransom note, contained in the text file 'READ_THIS_FILE_1.TXT,' demands the payment of 50 USD be paid using Bitcoins. Like many other encryption ransomware Trojans, the Pendor Ransomware's ransom note includes detailed instructions on how to purchase Bitcoin and carry out the payments using this online currency. Bitcoin tends to be the preferred payment method in these attacks because it allows the con artists to receive payments anonymously.
Dealing with a Pendor Ransomware Infection
Computer users need to refrain from paying the Pendor Ransomware ransom. The people responsible for the Pendor Ransomware attack are unlikely to keep their promise to deliver a decryption key after the payment. Even if they deliver it, paying these ransoms allows them to continue creating and distributing threats like the Pendor Ransomware. Furthermore, once the computer users demonstrate a willingness to pay the ransom, it is likely that they will be targeted for future ransomware attacks. Instead, PC security researchers advise computer users to take preventive steps. The best shield against these attacks is to have a reliable backup system on an external device or the cloud. Having backups means that the con artists can no longer demand a ransom payment since the victim can simply restore the encrypted files from the backup rather than having to rely on their' generosity and trust that they will keep their word to restore the affected files.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.