A new variant of ransomware virus has been discovered by IT security experts. It appends the .[email@example.com] extension to encrypted files. This ransomware targets computers running Microsoft Windows by spam emails and malware.
The FilesLocker v2.0 ransomware is a virus, that developed to encrypt the personal files found on infected computer using very strong hybrid encryption with a large key, adding the .[firstname.lastname@example.org] extension to all encrypted files. It can encrypt almost types of files, including the following:
.qdf, .wgz, .wire, .ai, .js, .0, .css, .qic, .mddata, .wpg, .1st, .zip, .rwl, .bar, .arch00, .iwi, .upk, .rofl, .re4, wallet, .z, .ltx, .itl, .dazip, .sidn, .tax, .xar, .r3d, .apk, .blob, .tor, .odc, .xlsb, .sb, .mef, .3dm, .hkdb, .svg, .sis, .dng, .odb, .wb2, .webdoc, .xyp, .wbc, .wpd, .dxg, .fos, .wma, .p7b, .wmd, .sr2, .wotreplay, .wsd, .d3dbsp, .der, .xlsx, .xx, .pfx, .esm, .pef, .wri, .xld, .mdb, .dwg, .dba, .epk, .lrf, .zabw, .rar, .icxs, .cfr, .psd, .wmv, .map, .xbdoc, .ncf, .ods, .xlk, .xxx, .itm, .db0, .wpb, .nrw, .wps, .odm, .xy3, .y, .p7c, .pem, .t13, .dcr, .yal, .docx, .rgss3a, .jpg, .xdl, .m3u, .ysp, .pdf, .x3f, .bc6, .t12, .pptm, .psk, .bkf, .rtf, .cdr, .wav, .xls, .menu, .mcmeta, .wcf, .forge, .lbf, .cas, .raf, .ybk, .zdb, .sie, .itdb, .7z, .zdc, .hvpl, .x3f, .layout, .yml, .syncdb, .sum, .pdd, .odp, .jpeg, .vtf, .avi, .wdb, .wpl, .ptx, .raw, .pptx, .wbz, .vcf, .wot, .bc7, .txt, .png, .gdb, .vpp_pc, .wp6, .arw, .xlsm, .wsh, .rw2, .z3d, .wp4, .wp7, .flv, .docm, .xmind, .indd, .desc, .fpk, .ztmp, .asset, .pst, .3ds, .mlx, .jpe, .ibank, .ws, .sidd, .xml, .wbk, .gho, .rb, .ntl, .xpm, .hplg, .dmp, .wpa, .mdf, .wpw, .iwd, .wbd, .wm, .lvl, .wp5, .wmf, .3fr, .big, .erf, .mdbackup, .accdb, .vdf, .hkx, .wdp, .slm, .kdc, .py, .eps, .xdb, .m4a, .xll, .wmv, .pkpass, .bsa, .dbf, .wma, .das, .wpt, .x, .wmo, .2bp, .wpd, .wbmp, .cr2, .m2, .ff, .1, .xlgc, .csv, .wps, .mrwref, .bay, .wbm, .kf, .wsc, .zip, .xyw, .wpe, .sid, .vfs0, .w3x, .zi, .snx, .p12, .ppt, .rim, .mov, .srf
When the ransomware virus encrypts a file, it will add the .[email@example.com] extension to every encrypted file. Once the ransomware finished enciphering of all files, it will create a file called “#DECRYPT MY FILES#.txt” with ransom demanding message on how to decrypt all personal files. You can see an one of the variants of the ransom demanding message below:
FilesLocker RANSOMWARE v2.0 ########################################### All your important files(database,documents,images,videos,music,etc.)have been encrypted!and only we can decrypt! To decrypt your files,follow these steps: 1.Buy 0.15 Bitcoin 2.Send 0.15 Bitcoin to the payment address 3.Email your ID to us,after verification,we will create a decryption tool for you. Email:firstname.lastname@example.org Your ID:
Therefore it is very important to follow the step-by-step guidance below immediately. The step-by-step guidance will help you to remove FilesLocker v2.0 ransomware. What is more, the few simple steps below will help you restore encrypted files for free.
Table of contents
- How to decrypt .[email@example.com] files
- How to remove FilesLocker v2.0 ransomware virus
- How to Restore .[firstname.lastname@example.org] files
- How to protect your PC from FilesLocker v2.0 ransomware?
How to decrypt .[email@example.com] files
The encryption method is so strong that it is practically impossible to decrypt .[firstname.lastname@example.org] files without the actual encryption key. The bad news is that the only way to get your files back is to pay ($300-1000 in Bitcoins) makers of the FilesLocker v2.0 ransomware virus for a copy of the private (encryption) key.
There is absolutely no guarantee that after pay a ransom to the developers of the FilesLocker v2.0 ransomware, they will provide the necessary key to decrypt your files. In addition, you must understand that paying money to the cyber criminals, you are encouraging them to create a new ransomware.
With some variants of this virus, it’s possible to use Windows Shadow Copies or file restore tools to recover files that have been encrypted by FilesLocker v2.0 ransomware virus. You can run the free tools listed below in the article.
How to remove FilesLocker v2.0 ransomware virus
Manual removal does not always help to completely delete the FilesLocker v2.0 ransomware virus, as it is not easy to identify and remove components of ransomware and all malicious files from hard disk. Therefore, it’s recommended that you use malware removal tool to completely remove FilesLocker v2.0 ransomware virus off your machine. Several free malware removal utilities are currently available that can be used against the ransomware. The optimum solution would be to use Zemana Anti-malware, Malwarebytes Free and Kaspersky Virus Removal Tool.
Get rid of FilesLocker v2.0 ransomware with Zemana Anti-malware
We recommend using the Zemana Anti-malware that are completely clean your PC of the ransomware. The tool is an advanced malicious software removal program created by (c) Zemana lab. It is able to help you remove potentially unwanted software, viruss, ad supported software, malicious software, toolbars, ransomware and other security threats from your PC for free.
Visit the page linked below to download Zemana Anti-Malware (ZAM). Save it on your Desktop.
Author: Zemana Ltd
Category: Security tools
Update: March 3, 2018
After the download is complete, close all applications and windows on your system. Open a directory in which you saved it. Double-click on the icon that’s called Zemana.AntiMalware.Setup like below.
When the install starts, you will see the “Setup wizard” that will help you setup Zemana Anti-Malware on your personal computer.
Once setup is done, you will see window as displayed below.
Now press the “Scan” button . Zemana AntiMalware program will scan through the whole computer for the FilesLocker v2.0 ransomware and other security threats. A system scan can take anywhere from 5 to 30 minutes, depending on your personal computer. When a threat is detected, the number of the security threats will change accordingly. Wait until the the checking is done.
Once that process is finished, you will be displayed the list of all found threats on your computer. Review the report and then click “Next” button.
The Zemana Anti Malware (ZAM) will begin to delete FilesLocker v2.0 ransomware virus and other malware and PUPs.
Automatically delete FilesLocker v2.0 ransomware virus with MalwareBytes Anti Malware
Manual FilesLocker v2.0 ransomware virus removal requires some computer skills. Some files and registry entries that created by the virus can be not completely removed. We suggest that use the MalwareBytes Free that are completely free your computer of ransomware virus. Moreover, this free program will help you to get rid of malware, PUPs, ad supported software and toolbars that your machine may be infected too.
Download MalwareBytes Anti Malware (MBAM) from the link below.
Category: Security tools
Update: February 5, 2019
After downloading is finished, close all windows on your personal computer. Further, run the file named mb3-setup. If the “User Account Control” dialog box pops up as shown in the following example, press the “Yes” button.
It will show the “Setup wizard” that will assist you setup MalwareBytes on the computer. Follow the prompts and do not make any changes to default settings.
Once setup is done successfully, click Finish button. Then MalwareBytes AntiMalware (MBAM) will automatically start and you can see its main window as shown in the figure below.
Next, press the “Scan Now” button to begin scanning your computer for the FilesLocker v2.0 ransomware virus and other kinds of potential threats such as malicious software and potentially unwanted software. Depending on your computer, the scan may take anywhere from a few minutes to close to an hour. When a malware, adware or potentially unwanted apps are found, the number of the security threats will change accordingly.
Once the system scan is finished, MalwareBytes AntiMalware will display a list of all threats found by the scan. In order to get rid of all threats, simply press “Quarantine Selected” button.
The MalwareBytes AntiMalware will remove FilesLocker v2.0 ransomware virus and other malicious software and PUPs. Once finished, you may be prompted to restart your PC system. We recommend you look at the following video, which completely explains the process of using the MalwareBytes Free to remove browser hijackers, ad-supported software and other malicious software.
Scan your personal computer and remove FilesLocker v2.0 ransomware with KVRT
KVRT is a free removal utility that can check your system for a wide range of security threats like the FilesLocker v2.0 ransomware, ad supported software, potentially unwanted apps as well as other malicious software. It will perform a deep scan of your computer including hard drives and Windows registry. When a malware is detected, it will help you to remove all detected threats from your personal computer by a simple click.
Download Kaspersky virus removal tool (KVRT) on your Windows Desktop by clicking on the link below.
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
Once the downloading process is complete, double-click on the KVRT icon. Once initialization procedure is done, you will see the Kaspersky virus removal tool screen as shown in the figure below.
Click Change Parameters and set a check near all your drives. Press OK to close the Parameters window. Next click Start scan button . Kaspersky virus removal tool application will scan through the whole personal computer for the FilesLocker v2.0 ransomware and other trojans and malicious programs.
Once KVRT has completed scanning, a list of all threats detected is prepared as displayed below.
Review the report and then press on Continue to begin a cleaning task.
How to Restore .[email@example.com] files
In some cases, you can restore files encrypted by FilesLocker v2.0 ransomware virus. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted documents, photos and music.
Recover .[firstname.lastname@example.org] encrypted files using Shadow Explorer
A free tool called ShadowExplorer is a simple solution to use the ‘Previous Versions’ feature of Microsoft Windows 10 (8, 7 , Vista). You can recover .[email@example.com] files encrypted by the FilesLocker v2.0 ransomware virus from Shadow Copies for free.
Visit the following page to download the latest version of ShadowExplorer for Windows. Save it to your Desktop.
Category: Security tools
Update: February 27, 2018
After the downloading process is finished, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder as shown in the figure below.
Start the ShadowExplorer utility and then select the disk (1) and the date (2) that you wish to restore the shadow copy of file(s) encrypted by the FilesLocker v2.0 ransomware as displayed on the image below.
Now navigate to the file or folder that you wish to restore. When ready right-click on it and click ‘Export’ button as shown on the screen below.
Run PhotoRec to recover .[firstname.lastname@example.org] files
Before a file is encrypted, the FilesLocker v2.0 ransomware virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to recover your documents, photos and music using file recover software such as PhotoRec.
Download PhotoRec on your MS Windows Desktop by clicking on the following link.
Category: Security tools
Update: March 1, 2018
Once the downloading process is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and select Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as shown on the screen below.
Double click on qphotorec_win to run PhotoRec for Microsoft Windows. It will open a screen as shown below.
Choose a drive to recover as displayed on the image below.
You will see a list of available partitions. Select a partition that holds encrypted personal files as shown on the image below.
Click File Formats button and specify file types to restore. You can to enable or disable the restore of certain file types. When this is done, click OK button.
Next, click Browse button to choose where restored documents, photos and music should be written, then click Search.
Count of restored files is updated in real time. All restored personal files are written in a folder that you have chosen on the previous step. You can to access the files even if the recovery process is not finished.
When the restore is done, click on Quit button. Next, open the directory where restored personal files are stored. You will see a contents as displayed in the following example.
All restored personal files are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re looking for a specific file, then you can to sort your restored files by extension and/or date/time.
How to protect your PC from FilesLocker v2.0 ransomware?
Most antivirus software already have built-in protection system against the ransomware virus. Therefore, if your machine does not have an antivirus program, make sure you install it. As an extra protection, run the CryptoPrevent.
Run CryptoPrevent to protect your PC from FilesLocker v2.0 ransomware
Download CryptoPrevent on your computer from the following link.
Run it and follow the setup wizard. Once the setup is complete, you will be shown a window where you can select a level of protection, as displayed on the image below.
Now click the Apply button to activate the protection.
After completing the step-by-step tutorial shown above, your machine should be clean from FilesLocker v2.0 ransomware and other malware. Your computer will no longer encrypt your personal files. Unfortunately, if the few simple steps does not help you, then you have caught a new ransomware virus, and then the best way – ask for help here.