.ENCR FileLocker Ransomware (Restore Files)

This article was created to help you remove the CzechoSlovak ransomware infection and restore the .ENCR files encrypted by this file-locker ransomware.

A virus created for Czech-speaking users and calling itself FileLocker has been reported by malware researchers to be roaming the web and infecting users. The virus uses the AES-256 and RSA ciphers to convert important documents into files that can no longer be opened. The ransomware is also reported to leave behind a ransom note whose message extorts users into paying a hefty ransom fee in order to get the files back. If you have been infected by this ransomware, we recommend reading this article thoroughly.

Threat Summary

Name: .ENCR FileLocker
Type: Ransomware
Short Description: The malware encrypts users' files using a strong encryption algorithm, making direct decryption possible only via a unique decryption key available to the cyber-criminals.
Symptoms: The user may witness ransom notes and “instructions” linking to a web page and a decryptor. File names are changed and the .ENCR file extension is used.
Distribution Method: Via an exploit kit, a DLL file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

.ENCR FileLocker – How Does It Infect

To get this particular ransomware onto your computer, the cyber-criminals may use e-mail spam containing malicious file attachments, fake updates and fake installers of programs found on shady websites. Whatever the case may be, once a malicious executable containing this virus is opened, it connects to a remote host and downloads its malicious files onto the computer of the user:

→ %User’s Profile%\Documents\UserFilesLocker.exe
%User’s Profile%\Desktop\__encrypt.pinfo
%User’s Profile%\Documents\__encrypt.pinfo

.ENCR FileLocker Post-Infection Activity

After infecting the computer, this ransomware virus may connect to multiple hosts to transfer information from the infected computer.

→ uradvlady.eu
financnasprava.digital
www.easycoin.cz
www.localbitcoins.com
www.simplecoin.cz
[email protected]

Then, the .ENCR FileLocker ransomware performs encryption via the AES cipher and uses RSA in combination to generate unique decryption keys. The files it targets for encryption are commonly used file types:

→ .asf, .avi, .cer, .div, .dll, .exe, .flv, .inf, .ini, .jpg, .mkv, .mng, .mov, .mp3, .mp4, .mpeg, .mpg, .ogg, .ogv, .pkg, .qt, .rm, .rmvb, .run, .sh, .txt, .webm, .wmw, .xvid, .yuv

Since .ENCR FileLocker encrypts executable files, it chooses very carefully the folders in which it encrypts data:

  • Desktop.
  • Documents.
  • Downloads.
  • Favorites.
  • Music.
  • Pictures.
  • SavedGames.
  • SavedSearches.
  • Videos.

After the encryption process is complete, this ransomware virus adds the .ENCR file extension to the encrypted files.

The virus also drops a ransom note, written entirely in Czech. In it, it demands bitcoins and threatens to increase the ransom if the payoff is not made in time. Translated into English, the note reads:

“ALL YOUR PERSONAL DATA HAS, UNFORTUNATELY FOR YOU, BEEN COMPLETELY ENCRYPTED
Information
Step 1 – PAYMENT
Step 2 – Inform us
Step 3 – Data recovery
Your data and files are now unfortunately encrypted with our key. A unique AES-256 key generated on this computer was used for the encryption. At this moment all files are already encrypted and the key is safely stored in encrypted form as an RSA-2048 key.
The one and only possible way to get your files back is to make a payment in Bitcoin and request the decryption keys from us. Do not believe any fairy tales on the internet that this can be bypassed; it simply cannot, and if it could, many things in this world would stop working.
Pay according to the instructions in the following steps, per the list above, and wait for your keys. We too care about professional customer service and our reputation on the market, so we will try to unlock your files as soon as possible.
Amount due: 0.8 BTC
Amount due: 2.1 BTC (another variant)”
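The file-system artefacts described above (the dropped files, the targeted profile folders and the .ENCR extension) can be checked with a short triage script. This is an added example, not part of the original article or any vendor tool; the function names, the recursion into subfolders and the three-level verdict are assumptions made for illustration.

```python
"""Triage sweep for the .ENCR FileLocker artefacts listed in this article."""
import os
import sys
from pathlib import Path

# Dropped files named in the article, relative to the user's profile folder.
DROPPED = (
    "Documents/UserFilesLocker.exe",
    "Desktop/__encrypt.pinfo",
    "Documents/__encrypt.pinfo",
)
# Profile folders the article says the ransomware encrypts.
TARGET_FOLDERS = ("Desktop", "Documents", "Downloads", "Favorites", "Music",
                  "Pictures", "SavedGames", "SavedSearches", "Videos")
ENCRYPTED_SUFFIX = ".encr"  # matched case-insensitively


def sweep_profile(profile):
    """Return the dropped files found and the .ENCR files per target folder."""
    profile = Path(profile)
    dropped = [rel for rel in DROPPED if (profile / rel).is_file()]
    encrypted = {}
    for folder in TARGET_FOLDERS:
        # Assumption: subfolders are affected too, so walk the whole tree.
        hits = sorted(
            Path(dirpath, name).relative_to(profile).as_posix()
            for dirpath, _dirs, names in os.walk(profile / folder)
            for name in names
            if name.lower().endswith(ENCRYPTED_SUFFIX)
        )
        if hits:
            encrypted[folder] = hits
    return {"dropped": dropped, "encrypted": encrypted}


def verdict(result):
    """Hypothetical triage label: both signals, one signal, or none."""
    signals = bool(result["dropped"]) + bool(result["encrypted"])
    return ("clean", "suspicious", "infected")[signals]


if __name__ == "__main__":
    report = sweep_profile(sys.argv[1] if len(sys.argv) > 1 else Path.home())
    print("verdict:", verdict(report))
    for rel in report["dropped"]:
        print("dropped file:", rel)
    for folder, files in report["encrypted"].items():
        print(f"{folder}: {len(files)} .ENCR file(s)")
```

The script only reads directory listings, so it can be run against a mounted copy of a user profile before any clean-up changes the evidence.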

Remove .ENCR FileLocker and Try Decrypting Your Files

Before removing this ransomware infection, the advice is to back up the encrypted files. Then you can delete .ENCR FileLocker by following the removal instructions posted below. They are methodically arranged to help you remove this ransomware. If you do not have enough experience in removing this kind of infection, we recommend downloading advanced anti-malware software. It will help you perform the removal automatically and swiftly.

If you are looking for ways to restore files that have been encrypted by this ransomware infection, we recommend checking the alternative file decryption methods below in step “2. Restore files encrypted by .ENCR FileLocker”. They may not be 100% effective, but at least some of the important files might be recovered.

Manually delete .ENCR FileLocker from your computer

Note! Important notification about the .ENCR FileLocker threat: Manual removal of .ENCR FileLocker requires interference with system files and registry entries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove .ENCR FileLocker files and objects
2. Find malicious files created by .ENCR FileLocker on your PC

Automatically remove .ENCR FileLocker by downloading an advanced anti-malware program

1. Remove .ENCR FileLocker with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by .ENCR FileLocker
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
