A dangerous ransomware virus was encountered by malware researchers last week, dubbed FenixLocker and using the .firstname.lastname@example.org!! file extension which it adds to files encrypted with AES encryption algorithm. Not only this, but the virus is also reported to leave behind ransom notes, named Cryptolocker.txt and Help to decrypt.txt. These notes ask users to contact the cyber-criminals behind this virus after which they ask the infected users to pay the sum of 500$ along with detailed instructions. Thankfully, malware researchers at EmsiSoft have released a free decrypter for FenixLocker, and we have created instructions on how to use it and successfully restore your encrypted files.
FenixLocker – More Information
FenixLocker is an interesting piece of malware. Unlike most @india.com ransomware variants, this particular ransomware uses the words “FenixIloveyou!!” in it’s source code, suggesting it is a unique variant.
Besides this, FenixLocker may also use an AES-128 encryption algorithm to render the files unusable. After encryption it adds the following ransom note:
After contacting the e-mail, the victims receive the following ransom instructions:
A researcher from EmsiSoft, Fabian Wosar has released a decrypter for this virus, and we have provided relevant instructions to help you decrypt your files for free instead of having to pay 500$ or more. Simply follow the instructions below to first remove FenixLocker and then decrypt your files.
FenixLocker – Removal
Before begging to decrypt your files, it is important to first remove FenixLocker from your computer. To do this effectively, we advise following the below-mentioned removal instructions:
Manually delete FenixLocker from your computer
Note! Substantial notification about the FenixLocker threat: Manual removal of FenixLocker requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.
Automatically remove FenixLocker by downloading an advanced anti-malware program
FenixLocker – Decryption
To decrypt files encrypted by FenixLocker, we urge you to follow the below-described steps.
Step 1: Download FenixLocker Free Decryptor from this web page and save it on your computer.
Step 2: Copy the following files into a new folder:
- One encrypted picture.
- The original variant of the encrypted picture.
In case you do not have any original variants of encrypted pictures, please, make sure to use the default Windows pictures which may also be encrypted so you should look for them from another non-infected Windows machine. They are usually located in:
Step 2: Drag an encrypted file on the Fenix decrypter, just like the GIF below demonstrates:
Step 3: After the files are dropped, you should see a pop-up similar to the following:
Press OK to continue.
Step 4: After this, the primary interface of the decryptor will show:
From there choose the folders you wish to decrypt and click on the Decrypt button.
After decryption, the files should be saved in the same location where they were initially encrypted. You also have the option to choose whether to keep or discard the encrypted version of the files.
FenixLocker – What to Do After Decryption
Luckily after this virus has attacked your computer, there is a way to rescue your files. Most of the ransomware viruses that are quite often spread do not have decryption solutions. This is why we advise you to install an advanced anti-malware software to protect your computer in the future and more importantly back up your data using a relevant cloud backup tool that can do it automatically every day, without bothering you. We have suggested one of the most widely used cloud backup tools in case you want to protect your files from ransomware viruses such as FenixLocker in the future: