.ENCR FileLocker Ransomware (Restore Files) - How to, Technology and PC Security Forum | SensorsTechForum.com

.ENCR FileLocker Ransomware (Restore Files)

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Article created to help you remove the CzechoSlovak ransomware infection and restore .ENCR files encrypted by this ransomware filelocker infection.

A virus created for the Chech speaking users, calling itself FileLocker has been reported by malware researchers to roam around the web and infect users. The virus uses the AES-256 and RSA ciphers to convert important documents into types of files that are no longer openable. The ransomware infection is also reported to leave behind a ransom note in which a message extorts users to pay a hefty ransom fee in order to get the files back. In case you have been infected by this ransomware, recommendations are to read this article thoroughly.

Threat Summary


.ENCR FileLocker

Short DescriptionThe malware encrypts users files using a strong encryption algorithm, making direct decryption possible only via a unique decryption key available to the cyber-criminals.
SymptomsThe user may witness ransom notes and “instructions” linking to a web page and a decryptor. Changed file names and the file-extension .ENCR has been used.
Distribution MethodVia an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool See If Your System Has Been Affected by .ENCR FileLocker


Malware Removal Tool

User ExperienceJoin our forum to Discuss .ENCR FileLocker.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.ENCR FileLocker – How Does It Infect

For this particular ransomware infection to get into your computer the cyber-criminals may use malicious e-mail spam containing malicious file attachments, fake updates and also fake installers of programs found in shady websites. Whatever the case may be, once a malicious executable containing this virus is opened, it connects to a remote host and downloads it’s malicious files onto the computer of the user:

→ %User’s Profile%\Documents\UserFilesLocker.exe
%User’s Profile%\Desktop\__encrypt.pinfo
%User’s Profile%\Documents\__encrypt.pinfo

.ENCR FileLocker Post-Infection Activity

After being infected with this ransomware virus, it may connect to multiple hosts to transfer information from the infected computer.

→ uradvlady.eu

Then, the .ENCR FileLocker ransomware performs encryption via the AES cipher and then uses RSA in combination to generate unique decryption keys. The files which it targets for encryption are usually often used types of files:

→ .asf, .avi, .cer, .div, .dll, .exe, .flv, .inf, .ini, .jpg, .mkv, .mng, .mov, .mp3, .mp4, .mpeg, .mpg, .ogg, .ogv, .pkg, .qt, .rm, .rmvb, .run, .sh, .txt, .webm, .wmw, .xvid, .yuv

Since the .ENCR FileLocker encrypts executable files, it chooses very carefully the folders in which it encodes data:

  • Desktop.
  • Documents.
  • Downloads.
  • Favorites.
  • Music.
  • Pictures.
  • SavedGames.
  • SavedSearches.
  • Videos.

After the encryption process is complete, this ransomware virus adds the .ENCR file extension to the encrypted files, making them appear like the following:

The virus also drops a ransom note, written entirely in Czech. In it, it demands bitcoins and threatens to increase the ransom if the payoff is not conducted in time:

Krok 1 – PLATBA
Krok 2 – Informujte nas
Step 3 – Obnova dat
Vaše data a soubory jsou nyni bohužel zašifrovaný našim klicem. K šifrováni byl použit unikatni AES-256 key generovaný na tomto pocitaci. V tento okamžik jsou jiz všechny soubory zašifrované a klic bezpecne uloženy v zasifrovane v podobě klice RSA-2048.
Jediný a pouze mozny způsob navraceni Vašich souboru je provést platbu Bitcoinem a vyzadat od nas klice k odsifrovani. Neverte zadnym pohádkám na internetu, ze toto je mozne obejit, jednoduše neni kdyby bylo mnoho veci na tomto svete přestane fungovat.
Zaplatte dle instrukci v následujících krocích podle listy nahoře a vyčkejte na Vaše klice. I nam jde o profesionální klientsky servis a reputaci na trhu, proto se budeme snažit odemknout Vaše soubory co nejdříve.
Castka k uhrade: 0.8 BTC
Castka k uhrade: 2.1 BTC (another variant)”

Remove .ENCR FileLocker and Try Decrypting Your Files

For the removal of this ransomware infection, advices are to focus on backing up the encrypted files prior to the removal. Then you can delete the .ENCR FileLocker by following the removal instructions posted below. They are methodologically arranged to help you remove this ransomware. In case you do not have enough experience in the removal of this ransomware infection, we recommend downloading an advanced anti-malware software. It will help you perform the removal automatically and swiftly.

In case you are looking for methods to restore your files in case they have been encrypted by this ransomware infection, we recommend checking the alternative file decryption methods below in step “2. Restore files encrypted by .ENCR FileLocker”. They may not be 100% effective but at least some of the important files might be recovered.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share