Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Remove EnkripsiPC Ransomware and Restore .fucked Files

Attention! This article will aid you remove EnkripsiPC ransomware totally. Follow the ransomware removal instructions provided in the end of the article.

EnkripsiPC is a ransomware that is believed to be based on the M4N1F3STO and Detox ransomware viruses. Your files will get encrypted with the .fucked extension being added to all files after the process is finished. The ransom message that is displayed afterward is written in the Indonesian language. Also, the codename of the virus is Indonesian Ransomware Version 3 or IDRANSOMv3 for short. Read on to see ways you can try to restore your files.

Update! There is now a decryptor tool for this ransomware! The tool was created by the malware researcher Michael Gillespie and can be downloaded from the following link, wrapped inside a .zip archive: StupidDecrypter.

Threat Summary

Name EnkripsiPC
Type Ransomware
Short Description The ransomware locks your screen and shows a ransom message with instructions for paying.
Symptoms The ransomware will lock your desktop and encrypt your files with the .fucked extension. The criminals demand between 1 and 1,8 Bitcoin as a ransom payment.
Distribution Method Spam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by EnkripsiPC

Download

Malware Removal Tool

User Experience Join Our Forum to Discuss EnkripsiPC.
Data Recovery Tool Data Recovery Pro by ParetoLogic Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

EnkripsiPC Ransomware – Distribution

EnkripsiPC ransomware could be distributed via different ways. Usually, there is a payload file that executes a malicious script which infects your computer. You can see the analysis of VirusTotal of such an executable file for this virus that contains its payload, from the image down here:

EnkripsiPC ransomware could be distributing that payload file on social media networks and such for file-sharing. Some legitimate applications might contain the malicious payload script. Big number of freeware and bundled applications could be promoted as useful on the Web but could be hiding the malicious script in question. Refrain from opening files from suspicious sources such as e-mails or links, especially not right after downloading them. First, you should perform a scan with a security application and check their size and signatures for anything dubious. You should read the ransomware prevention tips from the corresponding forum topic.

EnkripsiPC Ransomware – Analysis

The EnkripsiPC is a screenlocker ransomware that is also a cryptovirus. It will encrypt files on your computer with the same extension. Malware researchers believe that the virus stems from the “M4N1F3STO ransomware” or even “DetoxCrypto ransomware”.

EnkripsiPC ransomware could create entries in the Windows Registry to achieve perseverance. Such registry entries are designed in such a way that will make the virus launch automatically with each boot of the Windows Operating System. In this way, the lockscreen remains, and you won’t be able to get past it.

The codename for the EnkripsiPC virus is Indonesian Ransomware Version 3 or IDRANSOMv3 for short, as it can be seen from its code:

The ransom note will appear with the screenlocker inside a window. The message includes what the ransom sum is, along with the other instructions and demands of the cybercriminals for decrypting your files. You can check out the ransom message and the lockscreen right here below:

The ransom note reads the following:

EnkripsiPC
SEMUA FILE ANDA TELAH TER ENKRIPSI
Assalamualaikum Wr Wb
Kami telah Mengenkripsi semua file anda
alhasil file anda TIDAK BISA DIBUKA
dan semua file anda berekstensi .fucked
untuk mengembalikan semua file anda
silahkan bayar kepada kami agar kami
memberikan kode untuk mengembalikan
semua file anda
jika anda diam saja tidak melakukan apa apa
data anda tidak akan pemah bisa dibuka
sampai anda membayar kepada kami
itu saja sekiian dari kami
wassalamualaikum wr wb

button “Kembalikan File Saya!”

Cara Mengembalikan File Anda
1. Silahkan Minta Kode Pembuka Kepada Kontak Berikut
LINE: manusiapartGS
Facebook: muhammad.f.nazeeh
Youtube: humanpuff69
email: fulldoang@gmail.com
mgfakhri@gmail.com
muhlubaid69@gmail .com
ID KOMPUTER =
2. Bayar Denda Sesuai yang disuruh
Biaya Pengembalian file:
Rp 50.000 – Rp 100.000
3. Setelah melakukan pembayaran anda akan diberi kode untuk dimasukan dibawah sini untuk mengembalikan file anda…
button “BUKA”

A rough translation of that note would be the following:

EnkripsiPC (PC Encryption)
All your files are encrypted
Assalyamaleykum Wr Wb (User)
We encrypt all files
therefore, your files can not be opened
and all your files with the extensions .fucked
to restore all the files
Please send us, so that we
provided the code to restore
all your files
If you say something you do not do anything
never be disclosed in your data
as long as you do not pay us
it’s just so many of us do
Vassalamaleykum Wr Wb (User)

“Restore my files!” Button

How to recover files
1. Ask for an unlock code here to contact
LINE: manusiapartGS
Facebook: muhammad.f.nazeeh
Youtube: humanpuff69
email: fulldoang@gmail.com
mgfakhri@gmail.com
muhlubaid69 @ gmail .com
ID KOMPUTER = [Different for every PC] 2. Contribute to the redemption of this amount:
Rp 50.000 – Rp 100.000
3. If this is done the billing code will be provided to you, which you must enter here to restore files
[Click “BUKA” button]

The demanded sum of money to be paid to the cyber crooks is between 1 Bitcoin to 1,8 Bitcoins (in the ransom note that is from 50,000 to 100,000 Rupees). In US dollars that amount is from 800 to 1,500. You should NOT under any circumstances pay the cybercriminals. That will only support them financially.

There is also this notification window that shows when the ransomware is launched normally:

A rough translation in English would be:

ATTENTION !!!
This app was launched with limited rights.
For it to work properly required
Run it as administrator.

There is an unlock code that is based on the name of your computer (and that name also appears in the ransom message). The malware researcher Michael Gillespie has found out that the EnkripsiPC ransomware is probably fully decryptable, so if your PC is infected with it, you should wait for an official decryptor tool to be released.

Files are encrypted while the extension .fucked is appended as a secondary extension after their original one. Continue reading to see if you can unlock some of your files and wait for a decryptor tool to come out.

Remove EnkripsiPC Ransomware and Restore .fucked Files

If your computer got infected with the EnkripsiPC ransomware virus, you should have some experience in removing malware. You should get rid of this ransomware as fast as possible before it can have the chance to spread further and infect more computers. You should remove the ransomware and follow the step-by-step instructions guide given below.

Manually delete EnkripsiPC from your computer

Note! Substantial notification about the EnkripsiPC threat: Manual removal of EnkripsiPC requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove EnkripsiPC files and objects
2.Find malicious files created by EnkripsiPC on your PC

Automatically remove EnkripsiPC by downloading an advanced anti-malware program

1. Remove EnkripsiPC with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by EnkripsiPC
Optional: Using Alternative Anti-Malware Tools

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming for a more secure cyber space.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.