Restore .brickr files – Remove BrickR virus (File Informer ransomware)

File Informer ransomware uses a strong encryption algorithm with a big key. When the ransomware virus encrypts a file, it will add the .brickr extension to each encrypted file. Once the ransomware virus finished enciphering of all personal files, it will drop a file called “READ_DECRYPT_FILES.txt” with tutorial on how to decrypt all personal files.

The BrickR ransomware virus offers to make a payment in Bitcoins to get a key to decrypt documents, photos and music. Important to know, currently not possible to decrypt the .brickr files encrypted by the ransomware infection without the private key and decrypt program. If you choose to pay the ransom, there is no 100% guarantee that you can recover all photos, documents and music! If you do not want to pay for a decryption key, then you have a chance to recover encrypted personal files.

Use the step-by-step guide below to delete the ransomware infection itself and try to recover encrypted photos, documents and music.

What is BrickR virus

BrickR also known as “File Informer” is a variant of crypto viruses (malicious software that encrypt personal files and demand a ransom). It affects all current versions of Windows OS such as Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10. This ransomware uses a strong encryption algorithm with 2048-bit key to eliminate the possibility of brute force a key which will allow to decrypt encrypted documents, photos and music.

When the ransomware infects a PC system, it uses system directories to store own files. To run automatically whenever you turn on your PC, BrickR ransomware virus creates a registry entry in Windows: sections HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run, HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ RunOnce, HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run, HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ RunOnce.

Immediately after the launch, the ransomware virus scans all available drives, including network and cloud storage, to determine which files will be encrypted. The ransomware uses the file name extension, as a method to define a group of files that will be subjected to encrypting. Encrypted almost all types of files, including common as:

.raf, .xbplate, .iwi, .wire, .wdp, .pst, .3ds, .odp, .crt, .rtf, .wmf, .dba, .xpm, .ptx, .jpeg, .docm, .bkf, .vpk, .txt, .litemod, .mov, .jpg, .itm, .xlsm, .pptm, .bkp, .wpe, .sum, .orf, .cas, .m3u, .pdf, .dcr, .yal, .kdc, .sql, .3fr, .docx, .ff, .wpl, .yml, .xlsx, .wn, .hkdb, .webp, .vfs0, .csv, .wp5, .upk, .wav, .wpd, .wbz, .tax, .wp7, .wbk, .p7b, .cfr, .vdf, .indd, .7z, .flv, .zi, .wpa, .1, .zdb, .d3dbsp, .das, .xdl, .wb2, .pptx, .xf, .re4, .mdb, .3dm, .asset, .rim, .pef, .wbm, .x3f, .wmd, .blob, .2bp, .t13, .wpg, .pak, .ods, .xar, .mcmeta, .mddata, .xld, .rw2, .bsa, .xll, .dxg, .xml, .esm, .wpd, .xlsm, .wpb, .rgss3a, .dng, .wsh, .xx, .arch00, .zw, .zip, .rar, .1st, .rofl, .mlx, .xlsx, .rwl, .dazip, .ncf, .layout, .vcf, .zip, .sav, .ibank, .p7c, .y, .mp4, .syncdb, .sis, .forge, .ybk, .wp6, .wp, .vtf, .ppt, .xwp, .itdb, .wgz, .desc, .r3d, .srf, .wbd, .wri, .cr2, .accdb, .wot, .bik, .xls, .dbf, .lbf, .tor, .raw, .hvpl, .xls, .menu, .bay, .wbmp, .icxs, .mdf, .srw, .wpt, .zabw, .sb, .lvl, .xlsb, .wm, .py, .mdbackup, .xxx, .sid, .eps, .ltx, .pdd, .zif, .slm, .big, .snx, .js, .qdf, .avi, .xyw, .mef, .css, .wma, .wmv, .z, .fpk, .dmp, .qic, .fos, .xbdoc, .kdb, .vpp_pc, .xmmap, .hplg, .doc, .bar, .epk, .w3x, .pfx, .ai, .arw, .mrwref, .gdb, .fsh, .x3d, .wotreplay, .map, .wbc, .m4a, .ztmp, .der, .xlgc, .odb, .wmv, .crw, .wps, .sidd, .zdc, .cer, .bc6, .0, .db0, .pem, .x, wallet, .webdoc, .ysp, .sidn, .sie, .png, .odt, .jpe, .wp4, .dwg, .psd, .xdb, .iwd, .ntl, .pkpass, .odm, .t12, .xlk, .itl, .rb, .gho, .p12, .svg, .odc, .sr2, .nrw, .wma, .psk, .x3f, .erf, .wpw, .kf, .wps, .apk, .wsd, .ws, .bc7, .wcf, .mpqge, .xy3, .wdb, .z3d, .hkx, .wsc, .xmind, .m2, .cdr, .wmo

Once a file is encrypted, its extension changed to .brickr. Next, the virus creates a file named “READ_DECRYPT_FILES.txt”. This file contain guide on how to decrypt all encrypted files. An example of the tutorial is:

!!!!!!!!!!!!!! READ THIS TEXT CAREFULLY !!!!!!!!!!!!!!
<what happened?>
All of your personal files (documents, photos, videos,archives and other files) were locked and are not usable at the moment. To verify this fact, try to open some of your files and use them.

To get your files back you need to buy a secret key. We are the only people who have the secret key. Nobody but us can restore your files. Not even antiviruses or IT experts .
To verify this fact, we can decrypt 1 of your files for free. Send us the file to email shown below (Contact Email:) and we will send it unlocked back to you for free.

<how do I buy the key and get my files back?>
To buy the decryption key and get your files back:
1)send the price shown down in the program to the Bitcoin address shown below (Bitcoin Address: …).
2)After you complete the payment, please contact us via email (Contact Email:) down in the program. Email example: “Hello I need to decrypt my files. My ID is :(ID shown below)”. We will send you the key within 12 hours.
3) After you get your key, click “Unlock Files” button and enter the key. Your files will get unlocked.

<what is Bitcoin and how do I use it ?>
Bitcoin is a type of virtual currency that is easily obtainable.
1) Register your own Bitcoin wallet at: hxxps://blockchain.info/wallet/#/signup
2) Buy bitcoins on one of the following websites:
– hxxp://localbitcoins.com
– hxxp://coincafe.com
– hxxp://bitquick.co
Or visit hxxp://howtobuybitcoins.info for more information and help.
3) Send the bitcoins to our address shown below.
1F5yPatW4iwehcvYn7KSqqHs1NpWBHHMqV

The BrickR ransomware actively uses scare tactics by giving the victim a brief description of the encryption algorithm and showing a threatening message on the desktop. It is trying to force the user of the infected PC system, do not hesitate to pay a ransom, in an attempt to recover their documents, photos and music.

How to decrypt brickr files

Currently there is no available way to decrypt brickr files. The ransomware virus repeatedly tells the victim that uses a strong encryption algorithm with large key. What does it mean to decrypt the files is impossible without the private key. Use a “brute forcing” is also not a method because of the big length of the key. Therefore, unfortunately, the only payment to the authors of the BrickR virus entire amount requested – the only method to try to get the decryption key and decrypt all your files.

There is absolutely no guarantee that after pay a ransom to the developers of the BrickR virus, they will provide the necessary key to decrypt your files. In addition, you must understand that paying money to the cyber criminals, you are encouraging them to create a new ransomware virus.

How to remove BrickR virus

In order to remove BrickR ransomware virus from your personal computer, you need to stop all virus processes and delete its associated files including Windows registry entries. If any ransomware components are left on the PC system, the ransomware infection can reinstall itself the next time the personal computer boots up. Usually ransomware infections uses random name consist of characters and numbers that makes a manual removal procedure very difficult. We advise you to run a free virus removal utilities that will help remove BrickR virus from your PC system. Below you can found a few popular malware removers that detects various ransomware.

Remove BrickR with Zemana Anti-malware

We advise you to run the Zemana Anti-malware that are completely clean your computer of this ransomware virus. Moreover, the tool will allow you to delete potentially unwanted applications, malicious software, toolbars and adware that your system can be infected too.

1. Download Zemana anti malware (ZAM) on your computer by clicking on the following link.
   
   

   Zemana AntiMalware
   164994 downloads
   Author: Zemana Ltd
   Category: Security tools
   Update: July 16, 2019
   
2. When downloading is finished, close all applications and windows on your computer. Open a directory in which you saved it. Double-click on the icon that’s named Zemana.AntiMalware.Setup.
3. Further, click Next button and follow the prompts.
4. Once install is complete, press the “Scan” button to start checking your computer for the BrickR virus . This procedure can take some time, so please be patient. While the utility is scanning, you can see how many objects it has identified either as being malware.
5. Once the scan is done, a list of all items detected is produced. Review the scan results and then click “Next”. Once disinfection is finished, you may be prompted to restart your computer.

Remove File Informer ransomware with Malwarebytes

We recommend using the Malwarebytes Free. You can download and install Malwarebytes to scan for and remove BrickR ransomware from your system. When installed and updated, the free malware remover will automatically scan and detect all threats exist on the machine.

Download Malwarebytes by clicking on the link below. Save it on your Windows desktop or in any other place.

When the download is done, close all software and windows on your personal computer. Open a directory in which you saved it. Double-click on the icon that’s named mb3-setup as shown below.

When the install starts, you will see the “Setup wizard” which will help you install Malwarebytes on your PC system.

Once installation is finished, you will see window as on the image below.

Now click the “Scan Now” button . This utility will now begin checking your system for the BrickR ransomware virus and other malware. This procedure may take quite a while, so please be patient. When a malware, ad supported software or virus are found, the number of the security threats will change accordingly. Wait until the the scanning is complete.

When it completes the scan, you may check all threats found on your PC. Review the scan results and then click “Quarantine Selected” button.

The Malwarebytes will start removing BrickR virus related files, folders, registry keys. Once disinfection is finished, you may be prompted to restart your machine.

The following video explains step-by-step tutorial on how to delete ransomware virus and other malicious software with Malwarebytes Anti-malware.

Scan and free your computer of ransomware infection with KVRT

KVRT is a free portable program that scans your computer for ‘ad supported’ software, PUPs and ransomware infections like BrickR and helps remove them easily. Moreover, it’ll also help you remove any dangerous web-browser extensions and add-ons.

Download Kaspersky virus removal tool (KVRT) on your system from the link below.

Once downloading is complete, double-click on the KVRT icon. Once initialization process is finished, you’ll see the Kaspersky virus removal tool screen as displayed in the figure below.

Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next click Start scan button to perform a system scan with this utility for the BrickR ransomware virus and other known infections. While the utility is checking, you may see how many objects it has identified either as being malicious software.

When this utility has done scanning, it will display a list of all items detected by this tool as displayed in the figure below.

Next, you need to press on Continue to start a cleaning process.

How to restore brickr files

In some cases, you can recover files encrypted by BrickR virus. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted personal files.

Restore brickr files with ShadowExplorer

If automated backup (System Restore) is enabled, then you can use it to recover all encrypted files to previous versions.

Download ShadowExplorer on your PC by clicking on the following link.

When downloading is finished, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder as displayed below.

Double click ShadowExplorerPortable to start it. You will see the a window as displayed below.

In top left corner, choose a Drive where encrypted personal files are stored and a latest restore point as shown below (1 – drive, 2 – restore point).

On right panel look for a file that you want to recover, right click to it and select Export as displayed below.

Recover .brickr files with PhotoRec

Download PhotoRec from the link below and save it directly to your Windows Desktop.

Once the download is complete, open a directory in which you saved it. Right click to testdisk-7.0.win and select Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as shown in the figure below.

Double click on qphotorec_win to run PhotoRec for MS Windows. It’ll open a screen as displayed on the image below.

Choose a drive to recover as shown in the following example.

You will see a list of available partitions. Choose a partition that holds encrypted documents, photos and music as shown on the screen below.

Click File Formats button and specify file types to restore. You can to enable or disable the restore of certain file types. When this is finished, press OK button.

Next, click Browse button to select where restored documents, photos and music should be written, then press Search.

Count of recovered files is updated in real time. All recovered files are written in a folder that you have selected on the previous step. You can to access the files even if the restore process is not finished.

When the recovery is done, click on Quit button. Next, open the directory where restored documents, photos and music are stored. You will see a contents as shown on the image below.

All restored personal files are written in recup_dir.1, recup_dir.2 … sub-directories. If you are searching for a specific file, then you can to sort your restored files by extension and/or date/time.

How to prevent your personal computer from becoming infected by BrickR ransomware virus?

Most antivirus programs already have built-in protection system against the ransomware infection. Therefore, if your PC system does not have an antivirus program, make sure you install it. As an extra protection, run the CryptoPrevent.

Use CryptoPrevent to protect your personal computer from BrickR virus

Download CryptoPrevent on your Microsoft Windows Desktop by clicking on the link below.

www.foolishit.com/download/cryptoprevent/

Run it and follow the setup wizard. Once the setup is done, you will be displayed a window where you can choose a level of protection, as shown on the screen below.

Now click the Apply button to activate the protection.

How does your PC get infected with BrickR virus

The BrickR ransomware virus is distributed through the use of spam emails. Below is an email that is infected with a virus like BrickR ransomware virus.

Once this attachment has been opened, this virus will be launched automatically as you do not even notice that. The BrickR ransomware will begin the encryption process. When this process is complete, it’ll display the usual ransom note like above on READ_DECRYPT_FILES.txt.

To sum up

After completing the step by step guide above, your computer should be clean from BrickR ransomware and other malware. Your PC will no longer encrypt your photos, documents and music. Unfortunately, if the step by step guide does not help you, then you have caught a new variant of ransomware infection, and then the best way – ask for help.

1. Download HijackThis from the link below and save it to your Desktop.
   
   

   HijackThis download
   4984 downloads
   Version: 2.0.5
   Author: OpenSource
   Category: Security tools
   Update: November 7, 2015
   
2. Double-click on the HijackThis icon. Next click “Do a system scan only” button.
3. As the scanning ends, the scan button will read “Save log”, click it. Save this log to your desktop.
4. Create a Myantispyware account here. Once you’ve registered, check your e-mail for a confirmation link, and confirm your account. After that, login.
5. Copy and paste the contents of the HijackThis log into your post. If you are posting for the first time, please start a new thread by using the “New Topic” button in the Spyware Removal forum. When posting your HJT log, try to give us some details about your problems, so we can try to help you more accurately.
6. Wait for one of our trained “Security Team” or Site Administrator to provide you with knowledgeable assistance tailored to your problem with the BrickR ransomware virus.