Pennywise Ransomware

Pennywise Ransomware is a threat that has the potential to encrypt files and demand a ransom fee in return for a decryptor. This devious and dangerous infection comes from the same group of malware as Colecyrus@mail.com Ransomware, Gendarmerie Ransomware, and Trick-Or-Treat Ransomware. Though not all of these threats work in the same ways, they are all designed by cyber criminals who want to trick victims into paying ransom fees. If the malicious threat slithers into your operating system and successfully encrypts your personal files, you might find yourself in a situation where you are presented with no other option but to pay a requested sum of money. The current version of this threat does not request a ransom because it is not yet capable of encrypting files at all. That being said, the threat could be activated, and it could become truly dangerous. If you want to learn more about this malware and how to prevent its infiltration, please continue reading. By doing so, you will also learn how to remove Pennywise Ransomware.

If you have encountered the devious Pennywise Ransomware, you know where the name of this threat comes from. When this malware slithers into the operating system, it creates a file that opens a window with the image of a clown. In the recent pop culture history, a clown is associated with Pennywise, a well-known character in the horror Movie called “It.” This window also includes a timer indicating how much time is left before a set number of files are deleted. Right below the timer, you are shown the “View encrypted files” button that should show the list of encrypted files. Since Pennywise Ransomware currently does not encrypt files, this function does not work. The removal of files does not work either. Once the timer runs out, nothing happens. Nonetheless, the message at the bottom of the window is scary, and it might trick some users into thinking that their files are lost. According to this message, all personal files are encrypted, and failure to “comply” will result in their removal. There is an additional threat suggesting that 1000 files would be deleted if you restarted the computer. Since the window is represented in full-screen, you are more likely to pay attention to the threats made via the message.

Although Pennywise Ransomware orders you to “comply,” there is no information regarding what you are expected to do. In most cases, file-encryptors demand ransom fees. If the malicious ransomware was upgraded, there is a great possibility that you would be asked to pay for a decryptor as well. Whether or not this is what you are asked to do, you need to be cautious. Cyber criminals always promise file decryptors in return, but they never keep their promise after they get the money. According to our research, the malicious Pennywise Ransomware is a variant of the infamous Jigsaw Ransomware, and it certainly has the potential to act as a real file-encrypting infection. If it worked that way, it should use the AES key to encrypt files, and all files affected by it should get the “.beep” extension attached to their names. Our research team has also managed to reveal that the threat is set up to target over 120 different types of files, including .jpg, .txt, .doc, .mp3, .avi, .rar, and .zip. So, if you do not want these kinds of files on your PC to be encrypted or removed, you need to make sure that you keep malicious ransomware away.

If the malicious Pennywise Ransomware got in and encrypted your files, it is most likely that you cannot do anything to reverse the damage. In this case, you should be able to restore your personal files only if they are backed up, and you can replace the corrupted versions of your files with the backup ones. Of course, you should do that only after you delete Pennywise Ransomware. The removal of this threat is not very complex if you know where to find the launcher file. First, you need to terminate the process representing the file of a screen-locking window. If you can identify this process, finding and deleting the malicious executable will not be problematic. What about the protection of your operating system? That is even more important than the removal of the ransomware. If you think you can protect your operating system all by yourself, you might be overestimating your abilities and skills. We suggest employing anti-malware software to have the operating system protected. Besides reinstating trustworthy protection, this software will also eliminate any remaining threats.

Pennywise Ransomware Removal

1. Tap Ctrl+Alt+Delete to access the Windows menu window.
2. Select Start Task Manager and then click the Processes tab.
3. Find the {random name} process linked to the ransomware and right-click it.
4. Select Open File Location and then go back to the Task Manager.
5. Select the malicious process and click End process.
6. Go to the {random name}.exe file in the opened folder, right-click it, and select Delete.
7. Empty Recycle Bin and then perform a full system scan to check for leftovers.