VINDOWS DEFENDOR Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 80 % (High) |
Infected Computers: | 96 |
First Seen: | June 26, 2017 |
Last Seen: | September 27, 2022 |
OS(es) Affected: | Windows |
The VINDOWS DEFENDOR Ransomware is a screen locker ransomware infection that is designed to take the victim's computers hostage and then demand the payment of a ransom. Screen lockers work by preventing victims from accessing their computers, by displaying a full-screen message that cannot be removed. The VINDOWS DEFENDOR Ransomware will demand a ransom payment from the victim to remove the lock screen. Computer users should avoid paying the VINDOWS DEFENDOR Ransomware ransom.
Table of Contents
Besides Locking Your Screen, is the VINDOWS DEFENDOR Ransomware Capable of Encrypting Your Data?
The VINDOWS DEFENDOR Ransomware demands that the victims pay $500 USD to recover access to their computers. The VINDOWS DEFENDOR Ransomware, first released in late June of 2017, will block access to the infected computer's desktop. The VINDOWS DEFENDOR Ransomware seems to be related to other ransomware Trojans, the Levis Locker Ransomware especially, which also includes a picture of the media personality LewissTechYT and uses a ransom note and a lock screen that are almost the same. The VINDOWS DEFENDOR Ransomware may be delivered by using corrupted spam email attachments, which will take the form of infected Microsoft Word documents that use corrupted scripts and macros to download and install the VINDOWS DEFENDOR Ransomware onto the victim's computer.
How the VINDOWS DEFENDOR Ransomware Carries out Its Attack
The VINDOWS DEFENDOR Ransomware will alter the MSCONFIG panel to allow the VINDOWS DEFENDOR Ransomware to run when Windows starts up automatically. The VINDOWS DEFENDOR Ransomware is capable of evading some anti-virus programs by using this method. After the victims log into the infected computer, instead of accessing their desktops, the victims will be greeted with the VINDOWS DEFENDOR Ransomware lock screen. The VINDOWS DEFENDOR Ransomware lock screen has a red background, includes several pictures of the content detailed above, and certain images that make it seems as if the VINDOWS DEFENDOR Ransomware is part of a technical support service (although this is so badly implemented that it is transparently obvious that the VINDOWS DEFENDOR Ransomware is nothing more than a tactic).
The VINDOWS DEFENDOR Ransomware’s Encryption and Lock Screen
Apart from displaying a lock screen, it also will encrypt victims' data, according to reports received by PC security researchers. This is unusual for lock screen ransomware, and may not be true in this case. However, even if the VINDOWS DEFENDOR Ransomware is capable of encrypting data, it is likely that the VINDOWS DEFENDOR Ransomware carries out a basic version of this encryption attack that may be solvable with enough time. The following is the full text of the VINDOWS DEFENDOR Ransomware lock screen (note the poor spelling and grammar):
'VINDOWS DEFENDOR
Your dextop have Been locked due to a Following ilegal activitys on line:
*Gay Porn
*tacticming
*Bestiality
*Rape
DO NOT TURN OFF COMPUTER OR YOU LOSE FILES
You Must Pay $500 to 'Levis'
MoneyPak
[TEXT BOX] Unlock
YOUR COMPUTER WILL BE DELETED FROM:
[24 HOUR COUNTDOWN TIMER]'
Dealing with the VINDOWS DEFENDOR Ransomware
If the VINDOWS DEFENDOR Ransomware has encrypted your files, then it will be difficult to recover them. However, it is unlikely that the VINDOWS DEFENDOR Ransomware is capable of encrypting data. Malware analysts will certainly release a password to bypass the VINDOWS DEFENDOR Ransomware lock screen soon. However, even if this is not what happened, computer users can bypass the VINDOWS DEFENDOR Ransomware lock screen by using alternate startup methods to access Windows. Computer users should use Safe Mode or another alternate start-up method to access their computers while bypassing the VINDOWS DEFENDOR Ransomware lock screen. Once the affected computer can be accessed again, a security program should be capable of removing the VINDOWS DEFENDOR Ransomware completely. Malware analysts advise computer users to have backup copies of their files to ensure that in the event of a file encryption attack, their files can be recovered easily.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.