A ransomware called Prandel file virus is another development of online criminals. The principle of its functioning and the method of distribution is the same as in the case of the Kovasoh, Lotej, Nvetud and so on, the only difference is the .prandel extension appended to the photos, documents and music that are infected by it.
Getting to the user’s PC system, the Prandel ransomware virus starts searching for files in all folders and recursively, and after their detection, locks up each of them using complex digital algorithm that completely blocks them and leads to their dysfunction. This crypto virus is capable of encrypting various files like documents, web application-related files, archives, drawings, photos, video materials and database, as well as its destructive effects can be subjected to backups. Prandel ransomware encrypts almost of files, including common as:
.sis, .dmp, .hkx, .zip, .7z, .crw, .wire, .jpe, .litemod, .mlx, .lrf, .x3f, .xpm, .mdf, .wmf, .x, .rw2, .xx, .wav, .wpl, .odb, .odc, .wps, .flv, .wmd, .mp4, .x3f, .xlsb, .xll, .dba, .wp5, .ntl, .cas, .itl, .zif, .docx, .xy3, .docm, .m3u, .pptm, .layout, .bc6, .mef, .ptx, .das, .arch00, .wpw, .doc, .wp6, .dbf, .dng, .xbplate, .wp4, .bik, .m4a, .mrwref, .pst, .xml, .tor, .x3d, .crt, .map, .yal, .fsh, .pkpass, .dxg, .z3d, .cdr, .t12, .zip, .z, .wpd, .epk, .wgz, .jpeg, .asset, .xwp, .w3x, .dcr, .menu, .webdoc, .wbd, .xld, .srw, .mov, .ws, .xlsx, .rtf, .iwd, .vcf, .wm, .orf, .xbdoc, .rofl, .wpa, .big, .wp, .vpk, .mpqge, .xls, .sidd, .pdd, .ppt, .m2, .p7c, .apk, .db0, .wsh, .wdp, .vfs0, .snx, .erf, .xdb, .wmv, .hkdb, .itdb, .svg, .xdl, .1, .nrw, .sb, .cfr, .wotreplay, .sum, .3dm, .ybk, .r3d, .bay, .ncf, .cer, .xmind, .xyp, .wn, .ai, .gho, .rwl, .esm, .ztmp, .odp, .accdb, .ods, .xlsm, .gdb, .vpp_pc, .mdbackup, .3ds, .wbmp, .vtf, .re4, .cr2, .0, .wpd, .sr2, .png, .xmmap, .forge, .kdc, .rb, .2bp, .wdb, .vdf, .csv, .sie, .kdb, .indd, .rgss3a, .pdf, .xlk, .ltx, .wbm, .xyw, .3fr, .xls, .zw, .mcmeta, .xlsx, .odm, .xf, .xlgc, .qic, .bkf, .xlsm, .avi, .sql, .dwg, .zdb, .sidn, .wbz, .wpb
All affected files become useless and get the .prandel extension and each directory containing the affected files contains a ransom message informing the user about the presence of ransomware in the personal computer and its destructive impact on the target files. The attackers inform each victim that he has the ability to unlock encrypted files only paying a ransom. After transferring the specified amount to cyber criminals, the user will receive a unique code key from them, which will help to decrypt files affected by the Prandel virus. If the money for the purchase of a key for decrypting files will be transferred to the cybercriminals within 72 hours, they are ready to give the victim a discount of 50%.
Threat Summary
Name | Prandel |
Type | Crypto malware, Ransomware, Crypto virus, File locker, Filecoder |
Encrypted files extension | .prandel |
Ransom note | _readme.txt |
Contact | gorentos@bitmessage.ch |
Ransom amount | $980/$490 in Bitcoins |
Symptoms | Odd, new or missing file extensions. Files named like ‘_readme.txt’, or ‘_readme’ in each folder with at least one encrypted file. You have received instructions for paying the ransom. |
Distribution methods | Malicious email attachments. Drive-by downloads (ransomware virus has the ability to infect the computer simply by visiting a web-page that is running harmful code). Social media, like web-based instant messaging applications. Malvertising campaigns. |
Removal | To remove Prandel ransomware use the removal guide |
Decryption | To decrypt Prandel ransomware use the steps |
We advise you to uninstall Prandel ransomware ASAP, until the presence of the crypto virus has not led to even worse consequences. You need to follow the few simple steps below that will allow you to completely remove Prandel ransomware virus from your computer as well as recover encrypted files, using only few free tools.
Quick links
- How to remove Prandel file virus
- How to decrypt .prandel files
- Prandel decryption tool
- How to restore .prandel files
- How to protect your PC from Prandel crypto virus?
- Finish words
How to remove Prandel file virus
We can help you uninstall Prandel ransomware virus, without the need to take your PC system to a professional. Simply follow the removal tutorial below if you currently have the ransomware virus on your computer and want to remove it. If you have any difficulty while trying to delete the ransomware virus, feel free to ask for our assist in the comment section below. Read this manual carefully, bookmark or print it, because you may need to exit your internet browser or reboot your computer.
How to remove Prandel virus with Zemana Anti-Malware
Zemana Anti Malware is a malware scanner that is very useful for detecting and uninstalling Prandel ransomware. The steps below will explain how to download, install, and use Zemana Anti-Malware (ZAM) to scan your personal computer and remove crypto malware, worms, adware software, trojans, spyware, malicious software for free.
- First, please go to the following link, then click the ‘Download’ button in order to download the latest version of Zemana Anti-Malware (ZAM).
Zemana AntiMalware
164101 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
- At the download page, click on the Download button. Your web browser will open the “Save as” dialog box. Please save it onto your Windows desktop.
- When downloading is complete, please close all software and open windows on your PC. Next, start a file named Zemana.AntiMalware.Setup.
- This will run the “Setup wizard” of Zemana AntiMalware onto your machine. Follow the prompts and do not make any changes to default settings.
- When the Setup wizard has finished installing, the Zemana AntiMalware (ZAM) will launch and show the main window.
- Further, click the “Scan” button to perform a system scan for the Prandel ransomware, other kinds of potential threats such as malware and trojans. A scan may take anywhere from 10 to 30 minutes, depending on the count of files on your computer and the speed of your system. While the Zemana AntiMalware (ZAM) program is checking, you can see number of objects it has identified as threat.
- Once the scanning is finished, the results are displayed in the scan report.
- You may remove items (move to Quarantine) by simply press the “Next” button. The tool will delete Prandel ransomware, other kinds of potential threats such as malicious software and trojans. When disinfection is done, you may be prompted to reboot the PC.
- Close the Zemana and continue with the next step.
How to remove Prandel with MalwareBytes Anti Malware
We suggest using the MalwareBytes Anti Malware which are completely clean your PC of the ransomware virus. This free tool is an advanced malware removal application made by (c) Malwarebytes lab. This program uses the world’s most popular anti malware technology. It is able to help you delete crypto malware, potentially unwanted applications, malware, adware, toolbars, and other security threats from your computer for free.
Visit the page linked below to download MalwareBytes. Save it to your Desktop.
326456 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
When the downloading process is complete, run it and follow the prompts. Once installed, the MalwareBytes Anti-Malware will try to update itself and when this process is complete, press the “Scan Now” button to begin checking your PC for the Prandel crypto virus and other security threats. Depending on your PC, the scan can take anywhere from a few minutes to close to an hour. While the utility is checking, you can see how many objects and files has already scanned. Make sure all threats have ‘checkmark’ and click “Quarantine Selected” button.
The MalwareBytes Anti Malware is a free application that you can use to delete all detected folders, files, services, registry entries and so on. To learn more about this malware removal utility, we advise you to read and follow the step-by-step guidance or the video guide below.
Use KVRT to delete Prandel
If MalwareBytes anti malware or Zemana anti malware cannot delete this crypto malware, then we advises to run the KVRT. KVRT is a free removal tool for crypto viruss, adware, PUPs and toolbars.
Download Kaspersky virus removal tool (KVRT) from the following link. Save it on your Microsoft Windows desktop or in any other place.
129081 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
After downloading is complete, double-click on the Kaspersky virus removal tool icon. Once initialization procedure is finished, you will see the KVRT screen as shown below.
Click Change Parameters and set a check near all your drives. Press OK to close the Parameters window. Next press Start scan button to perform a system scan with this tool for the Prandel ransomware virus and other known infections. A system scan can take anywhere from 5 to 30 minutes, depending on your computer. While the Kaspersky virus removal tool tool is scanning, you may see number of objects it has identified as being affected by malware.
Once Kaspersky virus removal tool has completed scanning, Kaspersky virus removal tool will show you the results as shown on the screen below.
Make sure to check mark the threats which are unsafe and then click on Continue to begin a cleaning procedure.
How to decrypt .prandel files
As mentioned earlier, the ransom payment is the only way to decrypt .prandel files, unfortunately. After the victim transfers the specified amount of money (usually $980 in Bitcoins) to the cyber frauds, they provide a private key to decrypt the encrypted data.
Never pay the ransom! However, the victim who will pay the ransom payment to online criminals cannot be completely sure of obtaining a special code key, because he is dealing with unscrupulous and dishonest people who are ready to commit any immoral actions, including hiding after receiving the ransom from the victim, and not providing a decryption utility (key) to recover access to blocked photos, documents and music.
Of course, it can not be considered that the only correct method out of the situation when your system is affected with Prandel ransomware virus, will be the payment of ransom, as this only leads to the prosperity of illegal actions of fraudsters. The smart thing to do is to try to recover the locked files from the backup or wait for the release of the Prandel decryption tool to decrypt them. You can also try to unlock personal files using free apps listed below.
Prandel decryption tool
With some variants of Prandel file virus, it is possible to decrypt encrypted files using free tools listed below.
Michael Gillespie (@) released the Prandel decryption tool named STOPDecrypter. It can decrypt .Prandel files if they were locked by one of the known OFFLINE KEY’s retrieved by Michael Gillespie. Please check the twitter post for more info.
STOPDecrypter is a program that can be used for Prandel files decryption. One of the biggest advantages of using STOPDecrypter is that is free and easy to use. Also, it constantly keeps updating its ‘OFFLINE KEYs’ DB. Let’s see how to install STOPDecrypter and decrypt .Prandel files using this free tool.
- Installing the STOPDecrypter is simple. First you will need to download STOPDecrypter on your Windows Desktop from the following link.
download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip - After the downloading process is done, close all applications and windows on your machine. Open a file location. Right-click on the icon that’s named STOPDecrypter.zip.
- Further, select ‘Extract all’ and follow the prompts.
- Once the extraction process is finished, run STOPDecrypter. Select Directory and press Decrypt button.
If STOPDecrypter does not help you to decrypt .Prandel files, in some cases, you have a chance to restore your files, which were encrypted by ransomware. This is possible due to the use of the tools named ShadowExplorer and PhotoRec. An example of recovering encrypted files is given below.
How to restore .prandel files
In some cases, you can restore files encrypted by Prandel crypto malware. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted personal files.
Recover .prandel encrypted files using Shadow Explorer
If automated backup (System Restore) is enabled, then you can use it to restore all encrypted files to previous versions.
Please go to the following link to download ShadowExplorer. Save it on your Desktop.
438805 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019
Once downloading is done, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder as displayed below.
Double click ShadowExplorerPortable to run it. You will see the a window as displayed in the figure below.
In top left corner, choose a Drive where encrypted photos, documents and music are stored and a latest restore point like below (1 – drive, 2 – restore point).
On right panel look for a file that you wish to restore, right click to it and select Export as displayed on the image below.
Use PhotoRec to restore .prandel files
Before a file is encrypted, the Prandel crypto malware makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your photos, documents and music using file recover apps like PhotoRec.
Download PhotoRec by clicking on the following link.
After the downloading process is complete, open a directory in which you saved it. Right click to testdisk-7.0.win and choose Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as shown on the screen below.
Double click on qphotorec_win to run PhotoRec for MS Windows. It will open a screen as displayed in the following example.
Select a drive to recover as displayed on the image below.
You will see a list of available partitions. Select a partition that holds encrypted photos, documents and music as displayed in the figure below.
Click File Formats button and specify file types to recover. You can to enable or disable the recovery of certain file types. When this is finished, click OK button.
Next, press Browse button to select where recovered documents, photos and music should be written, then click Search.
Count of recovered files is updated in real time. All restored photos, documents and music are written in a folder that you have selected on the previous step. You can to access the files even if the restore process is not finished.
When the restore is finished, click on Quit button. Next, open the directory where recovered personal files are stored. You will see a contents as displayed in the figure below.
All restored photos, documents and music are written in recup_dir.1, recup_dir.2 … sub-directories. If you are looking for a specific file, then you can to sort your restored files by extension and/or date/time.
How to protect your PC from Prandel crypto virus?
Most antivirus applications already have built-in protection system against the ransomware virus. Therefore, if your personal computer does not have an antivirus program, make sure you install it. As an extra protection, run the HitmanPro.Alert.
Run HitmanPro.Alert to protect your computer from Prandel ransomware virus
All-in-all, HitmanPro.Alert is a fantastic utility to protect your PC system from any ransomware. If ransomware is detected, then HitmanPro.Alert automatically neutralizes malware and restores the encrypted files. HitmanPro.Alert is compatible with all versions of MS Windows OS from Microsoft Windows XP to Windows 10.
HitmanPro.Alert can be downloaded from the following link. Save it on your Windows desktop.
When the download is complete, open the directory in which you saved it. You will see an icon like below.
Double click the HitmanPro.Alert desktop icon. Once the tool is started, you’ll be shown a window where you can choose a level of protection, as displayed in the following example.
Now click the Install button to activate the protection.
Finish words
Now your computer should be free of the Prandel crypto virus. Delete MalwareBytes Free and KVRT. We suggest that you keep Zemana Anti Malware (ZAM) (to periodically scan your PC for new malicious software). Make sure that you have all the Critical Updates recommended for Windows operating system. Without regular updates you WILL NOT be protected when new ransomware, malicious applications and adware are released.
If you are still having problems while trying to uninstall Prandel crypto virus from your computer, then ask for help here.