Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Ordinal Ransomware

Ordinal Ransomware is a dangerous infection that is still in development mode. It means that those who get infected with it do not experience the full extent of ransomware attack. Nevertheless, just because this program has not been developed fully yet, it does not mean you should take a breather here. The infection can still enter your computer and encrypt your files. Therefore, you need to find ways to remove Ordinal Ransomware from your system and then protect your computer from other similar threats. Should you have more questions about computer security and so on, please do not hesitate to leave us a comment below.

On the other hand, since the program has not been fully developed yet, it is hard to say how it spreads around. Normally, a work-in-progress program tends to be distributed manually. It means that cyber criminals use such channels as corrupted remote desktop connections to infect target computers. In fact, unsafe remote desktop client applications are often used in ransomware distribution. Although that distribution method is not as common as spam email attachments, we often come across underdeveloped ransomware infections that use exactly this method to spread around. So it would not be a surprise if Ordinal Ransomware entered your computer like that, too.

Once the program enters your computer, it targets a wide variety of files. Considering the list of directories this program encrypts, you can be sure that most of your personal files will be affected by this infection. During our research we have found that the infection targets the following folders:

  • %USERPROFILE%\Desktop
  • %USERPROFILE%\Contacts
  • %USERPROFILE%\Documents
  • %USERPROFILE%\Downloads
  • %USERPROFILE%\Pictures
  • %USERPROFILE%\OneDrive
  • %USERPROFILE%\Saved Games
  • %USERPROFILE%\Favorites
  • %USERPROFILE%\Searches
  • %USERPROFILE%\Videos

So if you have most of your files saved in any of the above-mentioned folders, it could be that you will lose your data once Ordinal Ransomware enters your computer. Please take note that those are the default folders created by the operating system. While most users keep their files there, there are also users who create their own directories or disc partitions that may not be included in those default folders. If that is in your case, you might save yourself the trouble of dealing with the encrypted files. Of course, the best way to avoid encryption is to have a backup drive where you would be saving copies of your most important documents.

When Ordinal Ransomware is launched, this program creates a Point of Execution for its main file in the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run directory. Also, when the encryption is complete, the program will display a ransom note across your screen, and it cannot be minimized or moved. The good news is that you CAN close the window via Task Manager because Ordinal Ransomware does not block this system utility. It is probably because the program is still under development, and we cannot be sure that the fully developed version of this infection would still be like that. Either way, you can close the ransom note by killing the malicious process via Task Manager.

Ordinal Ransomware also asks you to pay 1 BTC to regain your files. It is actually a whole lot of money because 1 BTC equals approximately $5850. It is obvious that unless you are a corporation or some firm, you cannot muster that much money immediately. This may also mean that the creators of this ransomware aim to target not individual users but various firms and corporations. Perhaps their target is not individual computers, but entire corporate computer systems. Whichever it might be, it is clear that Ordinal Ransomware can be a formidable threat to multiple systems worldwide.

Removing this malware from your computer might seem challenging, but you can do it manually if you follow the instructions we have provided below. Please note that you can always rely on an automated security tool that will delete everything associated with this infection from your system at once. However, you will still have to close the ransom note yourself, before you download the security tool of your choice.

If something does not go as planned, do not hesitate to ask for assistance by leaving us a comment. Our team is always ready to assist you.

How to Remove Ordinal Ransomware

  1. Press Ctrl+Shift+Esc and the Task Manager will open.
  2. Open the Processes tab and highlight the malicious process.
  3. Click End Process and close Task Manager.
  4. Go to your Downloads folder and delete the most recent files.
  5. Press Win+R and type regedit. Click OK.
  6. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  7. On the right side, right-click the Main value and select to delete it.
  8. Scan your computer with a security tool.
Download Spyware Removal Tool to Remove* Ordinal Ransomware
  • Quick & tested solution for Ordinal Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.