Remove Fenrir Ransomware | Updated


I wrote this article to help you remove Fenrir Ransomware. This Fenrir Ransomware removal guide works for all Windows versions.

Crypto-viruses, aka ransomware parasites, are the most dangerous cyber infections ever developed. A cryptovirus can target your data, your screen, or your mobile device. Then it demands a ransom from you (hence the name ransomware), and if you refuse to pay, you lose your files or remain locked out of your PC/mobile phone. This article is about one specific ransomware infection – Fenrir. It targets your data. After landing on board, the pest doesn’t waste any time but performs a scan of your machine in search of valuable data to encrypt. Needless to say, it easily finds everything and then locks it with a strong encryption cipher.

All of your images, music, videos, files, documents, presentations, etc. get encrypted by Fenrir and thus become unreadable to your machine. This ransomware doesn’t append one specific file extension. It creates a unique one for each victim, based on their computer’s ID. More specifically, it uses the first 10 digits of the ID. Once the encryption is complete, Fenrir drops its ransom note. It is pretty standard. You have to pay $150 before the time runs out. The note also provides a Bitcoin address to which you are supposed to transfer the sum, and when you do, you are asked to send your personal ID and transaction ID to [email protected]. Crooks claim that once you do all that, they will send you a special decryption tool to recover your locked data.
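To see how far the encryption reached before attempting recovery, the per-victim extension described above can be inventoried. This PowerShell sketch is an added example, not part of the original guide; the function name, the `MinFiles` threshold and the assumption that the extension is exactly 10 letters or digits are illustrative.

```powershell
# Added example: inventory files that share one per-victim extension.
# Assumption: the appended extension is exactly 10 letters/digits, as the
# article describes ("first 10 digits of the ID"). Read-only; changes nothing.
function Get-SuspectExtension {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [int] $MinFiles = 20   # hypothetical threshold to ignore one-off files
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -match '^\.[0-9A-Za-z]{10}$' } |
        Group-Object { $_.Extension.ToLowerInvariant() } |
        Where-Object { $_.Count -ge $MinFiles } |
        ForEach-Object {
            $times = $_.Group | Sort-Object LastWriteTime
            [pscustomobject]@{
                Extension = $_.Name
                Files     = $_.Count
                # Number of distinct folders that contain affected files
                Folders   = @($_.Group.DirectoryName | Sort-Object -Unique).Count
                TotalMB   = [math]::Round(($_.Group | Measure-Object Length -Sum).Sum / 1MB, 1)
                # Earliest write time approximates when encryption started
                Earliest  = $times[0].LastWriteTime
                Latest    = $times[-1].LastWriteTime
            }
        } |
        Sort-Object Files -Descending
}

# Scan the current user's profile and show the result as a table.
Get-SuspectExtension -Path $env:USERPROFILE | Format-Table -AutoSize
```

The `Earliest` timestamp is useful later when picking a shadow copy or restore point that predates the encryption.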

However, we strongly suggest that you don’t believe these people even for a second. The only purpose of ransomware creation is and has always been money. That is the hackers’ goal. They want to make profits by extorting innocent users. Don’t be one of those users. Don’t pay. Not only does paying guarantee you nothing, but it also encourages hackers to keep on with this “business”. If they see that their scheme works, they will continue applying it. And like we said, there are zero guarantees that once you pay, you will get what you paid for.

Cybercriminals usually take victims’ money and then ignore them. But even if you do get the decryptor and free your data, what then? You still lose because Fenrir remains on your machine. The decryptor doesn’t remove it. This means that even if you unlock your files, the ransomware can re-lock them whenever it decides to strike again. You will get sent back to square one, only with less money.

Are you going to pay the crooks again? You do know that the money you give them goes for nothing but more malware creation, don’t you? Don’t sponsor crooks and don’t help them expand. Not to mention that if you use your machine to make the payment, you risk getting your personal and financial credentials stolen too. The only way to get out of this situation is by removing Fenrir from your system altogether. Only then can you try to retrieve your data. If you have backups of your files (which you should), it will be easy once your machine is clean. Use our removal guide below and get rid of Fenrir immediately.

How did you get stuck with Fenrir? We assume that you didn’t download this destructive virus on purpose and yet, here it is. According to researchers, the ransomware gets distributed disguised as an Adobe Acrobat Reader file. This is a very popular technique – malware pretending to be a program/update – so be extra careful what you install and where you download it from. Use only legitimate and verified download sources. Always read the Terms and Conditions and pay attention to the provider. If it says “provider unknown”, you had better abort the installation immediately. There are plenty of safe sites and torrents where you can download programs. Use them and stay safe. Relying on luck is not always successful. Choose safety and vigilance.

Method 1: Restore your encrypted files using ShadowExplorer
Usually, Fenrir Ransomware deletes all shadow copies stored on your computer. Luckily, the ransomware is not always able to delete them, so your first attempt should be to restore the original files from shadow copies.

  1. Download ShadowExplorer from this link:
  2. Install ShadowExplorer
  3. Open ShadowExplorer and select C: drive on the left panel
  4. Choose a date at least a month ago from the date field
  5. Navigate to the folder with encrypted files
  6. Right-click on the encrypted file
  7. Select “Export” and choose a destination for the original file
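Before installing anything, it is worth checking whether any shadow copies survived at all. The PowerShell below is an added example, not part of the original guide; it assumes an elevated Windows PowerShell 3.0+ session, and the function name and the 30-day default are illustrative.

```powershell
# Added example: list surviving shadow copies for a drive and flag the ones
# old enough to match the guide's "at least a month ago" advice.
# Must be run as Administrator; it only reads, it does not modify anything.
function Get-ShadowCopyCandidate {
    param(
        [string] $DriveLetter = 'C:',
        [int]    $MinAgeDays  = 30   # assumption: "a month" taken as 30 days
    )
    # Win32_ShadowCopy.VolumeName holds the volume GUID path, not the drive
    # letter, so resolve the letter to its DeviceID first.
    $volume = Get-CimInstance -ClassName Win32_Volume -Filter "DriveLetter = '$DriveLetter'"
    if (-not $volume) { throw "Volume $DriveLetter not found." }

    $cutoff = (Get-Date).AddDays(-$MinAgeDays)
    $copies = @(Get-CimInstance -ClassName Win32_ShadowCopy |
        Where-Object { $_.VolumeName -eq $volume.DeviceID })

    if ($copies.Count -eq 0) {
        # The ransomware (or disk cleanup) removed them; skip to another method.
        Write-Warning "No shadow copies remain for $DriveLetter."
        return
    }

    $copies | Sort-Object InstallDate | ForEach-Object {
        [pscustomobject]@{
            Created      = $_.InstallDate
            OldEnough    = $_.InstallDate -le $cutoff
            ShadowId     = $_.ID
            DeviceObject = $_.DeviceObject
        }
    }
}

Get-ShadowCopyCandidate | Format-Table -AutoSize
```

Rows with `OldEnough` set to `True` correspond to the dates worth selecting in ShadowExplorer's date field.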

Method 2: Restore your encrypted files by using System Restore

  1. Go to Start –> All programs –> Accessories –> System tools –> System restore
  2. Click “Next”
  3. Choose a restore point, at least a month ago
  4. Click “Next”
  5. Choose Disk C: (should be selected by default)
  6. Click “Next”. Wait for a few minutes and the restore should be done.

Method 3: Restore your files using File Recovery Software
If none of the above methods work, you should try to recover the encrypted files by using file recovery software. Since Fenrir Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original using file recovery software. Here are a few free file recovery programs:

  1. Recuva
  2. Puran File Recovery
  3. Disk Drill
  4. Glary Undelete
