.ENCR FileLocker Ransomware (Restore Files) - How to, Technology and PC Security Forum | SensorsTechForum.com
THREAT REMOVAL

.ENCR FileLocker Ransomware (Restore Files)

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by .ENCR FileLocker and other threats.
Threats such as .ENCR FileLocker may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

Article created to help you remove the CzechoSlovak ransomware infection and restore .ENCR files encrypted by this ransomware filelocker infection.

A virus created for the Chech speaking users, calling itself FileLocker has been reported by malware researchers to roam around the web and infect users. The virus uses the AES-256 and RSA ciphers to convert important documents into types of files that are no longer openable. The ransomware infection is also reported to leave behind a ransom note in which a message extorts users to pay a hefty ransom fee in order to get the files back. In case you have been infected by this ransomware, recommendations are to read this article thoroughly.

Threat Summary

Name

.ENCR FileLocker

TypeRansomware
Short DescriptionThe malware encrypts users files using a strong encryption algorithm, making direct decryption possible only via a unique decryption key available to the cyber-criminals.
SymptomsThe user may witness ransom notes and “instructions” linking to a web page and a decryptor. Changed file names and the file-extension .ENCR has been used.
Distribution MethodVia an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool See If Your System Has Been Affected by .ENCR FileLocker

Download

Malware Removal Tool

User ExperienceJoin our forum to Discuss .ENCR FileLocker.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.ENCR FileLocker – How Does It Infect

For this particular ransomware infection to get into your computer the cyber-criminals may use malicious e-mail spam containing malicious file attachments, fake updates and also fake installers of programs found in shady websites. Whatever the case may be, once a malicious executable containing this virus is opened, it connects to a remote host and downloads it’s malicious files onto the computer of the user:

→ %User’s Profile%\Documents\UserFilesLocker.exe
%User’s Profile%\Desktop\__encrypt.pinfo
%User’s Profile%\Documents\__encrypt.pinfo

.ENCR FileLocker Post-Infection Activity

After being infected with this ransomware virus, it may connect to multiple hosts to transfer information from the infected computer.

→ uradvlady.eu
financnasprava.digital
www.easycoin.cz
www.localbitcoins.com
www.simplecoin.cz
[email protected]

Then, the .ENCR FileLocker ransomware performs encryption via the AES cipher and then uses RSA in combination to generate unique decryption keys. The files which it targets for encryption are usually often used types of files:

→ .asf, .avi, .cer, .div, .dll, .exe, .flv, .inf, .ini, .jpg, .mkv, .mng, .mov, .mp3, .mp4, .mpeg, .mpg, .ogg, .ogv, .pkg, .qt, .rm, .rmvb, .run, .sh, .txt, .webm, .wmw, .xvid, .yuv

Since the .ENCR FileLocker encrypts executable files, it chooses very carefully the folders in which it encodes data:

  • Desktop.
  • Documents.
  • Downloads.
  • Favorites.
  • Music.
  • Pictures.
  • SavedGames.
  • SavedSearches.
  • Videos.

After the encryption process is complete, this ransomware virus adds the .ENCR file extension to the encrypted files, making them appear like the following:

The virus also drops a ransom note, written entirely in Czech. In it, it demands bitcoins and threatens to increase the ransom if the payoff is not conducted in time:

“VŠECHNA VAŠE OSOBNI DATA BYLA NANESTESTI PRO VAS KOMPLETNE ZASIFROVANA
Informace
Krok 1 – PLATBA
Krok 2 – Informujte nas
Step 3 – Obnova dat
Vaše data a soubory jsou nyni bohužel zašifrovaný našim klicem. K šifrováni byl použit unikatni AES-256 key generovaný na tomto pocitaci. V tento okamžik jsou jiz všechny soubory zašifrované a klic bezpecne uloženy v zasifrovane v podobě klice RSA-2048.
Jediný a pouze mozny způsob navraceni Vašich souboru je provést platbu Bitcoinem a vyzadat od nas klice k odsifrovani. Neverte zadnym pohádkám na internetu, ze toto je mozne obejit, jednoduše neni kdyby bylo mnoho veci na tomto svete přestane fungovat.
Zaplatte dle instrukci v následujících krocích podle listy nahoře a vyčkejte na Vaše klice. I nam jde o profesionální klientsky servis a reputaci na trhu, proto se budeme snažit odemknout Vaše soubory co nejdříve.
Castka k uhrade: 0.8 BTC
Castka k uhrade: 2.1 BTC (another variant)”

Remove .ENCR FileLocker and Try Decrypting Your Files

For the removal of this ransomware infection, advices are to focus on backing up the encrypted files prior to the removal. Then you can delete the .ENCR FileLocker by following the removal instructions posted below. They are methodologically arranged to help you remove this ransomware. In case you do not have enough experience in the removal of this ransomware infection, we recommend downloading an advanced anti-malware software. It will help you perform the removal automatically and swiftly.

In case you are looking for methods to restore your files in case they have been encrypted by this ransomware infection, we recommend checking the alternative file decryption methods below in step “2. Restore files encrypted by .ENCR FileLocker”. They may not be 100% effective but at least some of the important files might be recovered.

Note! Your computer system may be affected by .ENCR FileLocker and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as .ENCR FileLocker.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove .ENCR FileLocker follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove .ENCR FileLocker files and objects
2. Find files created by .ENCR FileLocker on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by .ENCR FileLocker

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...