Ender Ransomware

The malicious Ender Ransomware identifies itself via a window that uses the name of the infection as its title. This window represents a message that informs that your computer was locked and that data on it was encrypted. Cyber criminals behind this infection want to convince you that you need to take action to prevent data from being encrypted for good. Our research team has also found that a newer version of this infection might exist, and we discuss this further in the report. So, was your operating system infected by this malware? If it was not, we encourage you to take appropriate security measures to ensure that you do not face this malicious threat. If it is already active, you need to remove Ender Ransomware as soon as possible. We are sure that you are interested in decrypting files; especially if you do not have backups, and you cannot recover your files in any other way. If you continue reading, you will learn all about the decryption process, as well as how to delete the ransomware from your PC.

If you think that the malicious Ender Ransomware has encrypted your personal files, we have good news for you: This malware is incapable of encrypting files! Our research team has recently analyzed this threat, and it was found that it does not even function very well on Windows 10 operating systems, which suggests that it might be in development still. If that is the case, it is possible that the threat could be enabled to encrypt files, but, right now, it is incapable of such thing. Unfortunately, once the malicious launcher file is executed, Ender Ransomware immediately opens a window that locks the screen. That means that users are unable to check files and see if or not they were corrupted. The good news is that you can resize the ransom note window and then kill the process via the Task Manager. You might also be able to “unlock” the system using any of these codes: aRmLgk8wb0WK5q7, byBkPAa1oZ, and EnderISTheBEST. According to our research, if you enter the first code, you are shown a message suggesting that 1 Bitcoin – which, at the moment, is around 5700 USD – was received. This indicates that cyber criminals intend to use the ransom to coerce victims into paying a ransom. Of course, it should not be paid under any circumstances; even if files are encrypted.

When Ender Ransomware slithers into your operating system, it modifies the Shell value in the Windows Registry under HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon. The infection changes it from explorer.exe to EnderRansom.exe, which, of course, belongs to the devious ransomware. It was found that a different version of this ransomware might exist, and this one should do the same thing to represent the ransom message. The new version should introduce you to a specific ransom sum, and it should provide you with a code that, allegedly allows identifying you. It is still unknown how this malware – both versions – is distributed, but there is a great chance that spam emails could be employed. This method of distribution has been used for the distribution of Onion3Cry Ransomware, Incanto Ransomware, Aac Ransomware, and various other infections. In some cases, malware is downloaded by other threats active on the system, which is why we also recommend employing a legitimate malware scanner to check if you need to delete other threats besides the ransomware.

If you follow the instructions below, you should be able to delete Ender Ransomware manually. First, you might need to enter one of the codes mentioned above, as well as restart the computer. If you have questions about the steps listed below, you can always start a discussion in the comments section. What if you are not experienced, and manual removal is just too complicated? In this case, it is wise to install anti-malware software that can eliminate malicious threats automatically. Without a doubt, you need to be cautious because there are plenty of fictitious security tools, and you do not want to install even more threats, do you? If you find and install a legitimate anti-malware tool, we strongly recommend keeping it installed because that is the easiest way to ensure that your operating system stays protected in the future.

Ender Ransomware Removal

1. Enter one of these codes to unlock the computer (if that does not work, resize the window, launch Task Manager, and terminate the malicious process):
   • aRmLgk8wb0WK5q7
   • byBkPAa1oZ
   • EnderISTheBEST
2. Restart the computer in a normal manner.
3. Launch RUN by tapping Win+R keys.
4. Enter regedit.exe into the dialog box and click OK.
5. Move to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon.
6. Double-click the value called Shell.
7. If you find EnderRansom.exe in the value data, overwrite it with explorer.exe.
8. Launch Explorer by tapping Win+E keys.
9. Enter these paths into the bar at the top one by one and check for the malicious launcher:
   • %USERPROFILE%\Desktop
   • %USERPROFILE%\Downloads
   • %TEMP%
10. When you find the launcher – its location could be different – right-click it and select Delete.
11. Empty Recycle Bin to ensure that the threat is completely gone.
12. Install a trustworthy malware scanner to scan your operating system and check for leftovers.