PornBlackmailer Ransomware

PornBlackmailer Ransomware is indeed a blackmailer as its name suggests and does not work like ordinary ransomware programs apart from pushing you to pay the ransom fee. This malware infection basically states that you have child porn on your computer and you have been distributing it as well, which are obviously grave claims. Even if you do not have such videos and, hopefully, have never watched one, being an inexperienced user, you may believe that these attackers have compromised your system and they may have stolen sensitive information from you. This is why some victims may end up paying. Although, this attack does not seem to be too effective so far as the designated Bitcoin address only shows 4 payments altogether. Still, we do not recommend that you take this ransomware too lightly. Even if your files have not been damaged or encoded, we advise you to remove PornBlackmailer Ransomware immediately from your computer. Please read on to find out more about this infection and how you can protect your PC against similar ones in the future.

It seems that the primary distribution method these attackers use is via pornographic websites where you can download videos with adult content; however, this malicious program would come along and drop onto your system. This malicious file has a .scr extension. You may be wondering what this extra file may be and you may click to run it. The next moment you will see a black screen with the fake warning that you have child porn videos on your system and that incriminating evidence and personal information have been collected about you. If you do not wish to be attacked by such a dangerous threat or any other ransomware, you need to stop visiting such sites and also, clicking on corrupt third-party advertisements, which may also be the reason to find such an infection on board. Since your files are all safe, we recommend that you delete PornBlackmailer Ransomware right away.

Another way for this ransomware infection to crawl onto your system is through spam campaigns. Please note that these spam mails can be very deceptive and appear to be perfectly normal even if one end up in your spam folder. This spam can lead you to believe that it has a "must-see" attachment, which is supposed to contain information about an alleged important matter. The cyber villains of today like to play with your curiosity and they know that some of the potential victims will not be able to resist this kind of temptation. Unfortunately, if you try to view the attached file, you will simply launch this attack and if it were an ordinary ransomware, there would be a good chance that you would lose all your important files to encryption. You may call yourself lucky this time that you can delete PornBlackmailer Ransomware without any consequences.

This ransomware creates a copy once you execute the malicious downloaded file. It renames itself as "temps.exe" and places it into your "%APPDATA%" directory. This infection also puts an image file called "bg_robin.jpg" in the same directory. Although there is no file encryption going on your system, this ransomware program does run certain operations after you launch the malicious file. It collects all kinds of information about you, your PC, and your browsers. This information is then allegedly stored on a secret remote server so that you can be forced to pay money in return for the deletion of these files. You can find some of the proof in the "%Userprofile%\Robin\server_logs" folder. As a matter of fact, we have found two slightly different versions of this ransomware threat. The other one uses the "%Userprofile%\Cerber\server_log" to store "your_information.txt" and four different screenshots as well.

Strangely enough, this malware infection drops nine copies of its ransom note text file called "READ_ME.txt" on your desktop. After all its operations have finished, this threat modifies your desktop background with the initial ransom note. This short warning message simply tells you that due to your child porn videos on your computer, information has been gathered and ready to be sent to the police automatically if you do not comply with the demands. You are instructed to open the ransom note text file on your desktop. This other note tells you to pay 0.01 Bitcoin, which is around 95 US dollars at current rate, within 24 hours. If you fail to do so, your information package will be sent to the authorities. Obviously, this is all about frightening you enough to get you to pay the ransom fee. But we do not advise you to do so. Instead, you should remove PornBlackmailer Ransomware from your PC right now.

If you are ready to take action, you can apply our step-by-step guide below this report. Since this ransomware does not create a Point of Execution in your Windows Registry, it should not be too complicated for you to accomplish even if you are not exactly experienced in IT. If you want to use a secure computer, we advise you to avoid suspicious websites, e-mails, and clicking on corrupt third-party content. However, the best you can do is install a reliable malware removal application, such as SpyHunter.

Remove PornBlackmailer Ransomware from Windows

1. Tap Win+E.
2. Delete the malicious file you saved off of the Internet.
3. Delete "temps.exe" and "bg_robin.jpg" files from "%APPDATA%" directory.
4. Replace your desktop wallpaper background image.
5. Remove the "server_logs" folder from "%Userprofile%\Robin\" or "%Userprofile%\Cerber\"
6. Remove all ransom note files ("READ_ME.txt") from your desktop.
7. Empty your Recycle Bin and reboot your computer.