
Decrypt Files Encrypted by WildFire Locker Ransomware

WildFire Locker is a ransomware virus that encrypts the files on the computers it infects, adds the .wflx file extension to them and asks users to pay a ransom of 299 USD to restore the encrypted files. When the virus was initially released, it primarily targeted Dutch users. Since its release, it has infected a lot of users, and many of them have paid the ransom. Luckily, however, a decrypter has been released for WildFire Locker and users can now decode their files for free. We have published instructions to help you decode your files if they have been encrypted by this nasty virus.

Threat Summary


WildFire Locker

Short Description: Encrypts files, asking for 299 USD or EUR in ransom payoff to decode them.
Symptoms: The user may see a ransom note as a wallpaper, an HTML file and a .txt document. Encrypted files have the .wflx file extension appended.
Distribution Method: Via an exploit kit, JavaScript or a Trojan.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

WildFire Locker Ransomware – Brief Background

WildFire Locker was notorious for the “customer service” it provided to its victims. The virus even became famous for having a so-called helpdesk on its web page that could establish direct contact with the cyber-criminals.


The happiness of the cyber-criminals ended soon, because the Dutch police seized the servers hosting WildFire Locker, allowing Kaspersky to create a working decrypter for this virus.

WildFire Locker – Removal and Decryption Instructions

If you want to decrypt your files, it is advisable to first remove the WildFire Locker virus in case you still have it on your computer. To remove it successfully, we advise you to use these instructions to fully delete it:

Manually delete WildFire Locker from your computer

Note! Substantial notification about the WildFire Locker threat: Manual removal of WildFire Locker requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove WildFire Locker files and objects
2. Find malicious files created by WildFire Locker on your PC
3. Fix registry entries created by WildFire Locker on your PC

Automatically remove WildFire Locker by downloading an advanced anti-malware program

1. Remove WildFire Locker with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by WildFire Locker in the future

After you have deleted WildFire Locker successfully, you should follow these steps to restore your files:

Step 1: Download Kaspersky’s decryptor by clicking on the button below:

Step 2: Extract the WildfireDecryptor.exe file to your desktop or somewhere where you can easily locate it:


Step 3: Run the decryptor and click on the Start Scan button:


Step 4: Choose an encrypted file, preferably one that is smaller in size so that the process is faster.


Step 5: The decryptor will begin looking for a key. After it finds one, it will decrypt your other files as well.


Decrypting WildFire Locker Files Using McAfee Decrypter:

Step 1: Download McAfee’s decrypter by clicking on the button below:


McAfee WildFire Decrypter

Step 2: Run the executable on your computer as an administrator.

Step 3: Find your user ID and use it in a command. You can find your user ID by looking at the ransom note. See the red square in the picture for more information:


After you have found it, you need to copy it and enter it in the following command:

wildfiredecrypt.exe -u {Your personal ID goes here}

Step 4: The command prompt should reply to you with a custom URL with your decryption key available as a .txt file for download. Download the text file ({your key}.txt) to get your private key.

Step 5: To decrypt an encrypted file, for example “Picture#WildFire_Locker#3737b2##.jpg.wflx”, simply write the following command in the decrypter:

wildfiredecrypt.exe -p {your key}.txt -f Picture#WildFire_Locker#3737b2##.jpg.wflx

After this, the decrypter should try to decrypt the file and, if it succeeds, it will leave the decrypted file in the same place as the encoded one.
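
The command in Step 5 handles one file per invocation. The PowerShell sketch below is an added example, not part of the original article or of McAfee's tool: it copies every .wflx file to a backup folder first, runs the Step 5 command on each one and records which new file appeared beside it. The paths in the param block (the root folder, the key file name and the backup folder) are assumptions to adjust.

```powershell
# Added example: batch wrapper around the per-file command from Step 5.
# Assumptions: wildfiredecrypt.exe and the key file downloaded in Step 4 are in
# the current directory; $Root and $Backup are placeholder paths for this sketch.
param(
    [string]$Root    = "$env:USERPROFILE\Documents",
    [string]$KeyFile = '.\key.txt',            # the {your key}.txt from Step 4
    [string]$Backup  = 'D:\wflx-backup',
    [string]$Tool    = '.\wildfiredecrypt.exe'
)

# Smallest files first, so a quick first result shows whether the key works.
$files = Get-ChildItem -LiteralPath $Root -Recurse -File -Filter '*.wflx' -ErrorAction SilentlyContinue |
         Sort-Object Length

New-Item -ItemType Directory -Path $Backup -Force | Out-Null

$log = foreach ($f in $files) {
    # Keep an untouched copy of the encrypted file, named by its SHA-256 hash
    # so that equal file names from different folders cannot collide.
    $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    Copy-Item -LiteralPath $f.FullName -Destination (Join-Path $Backup "$hash.wflx")

    # The article says the decrypted file is left next to the encrypted one,
    # so compare the folder listing before and after the run.
    $before = (Get-ChildItem -LiteralPath $f.DirectoryName -File).FullName
    & $Tool -p $KeyFile -f $f.FullName
    $after  = (Get-ChildItem -LiteralPath $f.DirectoryName -File).FullName
    $new    = @($after | Where-Object { $_ -notin $before })

    [pscustomobject]@{
        Encrypted = $f.FullName
        Sha256    = $hash
        NewFiles  = $new -join '; '
        Status    = if ($new.Count) { 'new file created' } else { 'no output' }
    }
}

# A CSV log next to the backups, plus a short summary on screen.
$log | Export-Csv -NoTypeInformation -Path (Join-Path $Backup 'decrypt-log.csv')
$log | Group-Object Status | Select-Object Name, Count
```

Open a few of the files listed as "new file created" before deleting any backup copies. Passing the path as a separate argument to the tool also avoids quoting problems with file names that contain spaces.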

WildFire Decrypted – Conclusion

Luckily enough, the police intervened and confiscated the servers of this ransomware virus. Bear in mind, however, that other users are not so lucky at this point, because many ransomware viruses are still out there, on the loose. This is why adequate protection should be put in place to prevent such menaces. Besides having an advanced anti-malware program, we recommend learning how to safely store your data as well:

Safely Store Your Files and Protect Them From Malware

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
