FINGERPRINT Ransomware – How to Remove It and Recover Files - How to, Technology and PC Security Forum |

FINGERPRINT Ransomware – How to Remove It and Recover Files

This article aims to show you more information on what is FINGERPRINT ransomware virus and how to remove this ransomware infection from your computer plus how you can try and recover files, encrypted by FINGERPRINT ransomware.

The FINGERPRINT ransomware is the type of malware which is from the file encryption kind. It aims to render your files obsolete and no longer able to be used until you send 0.01 BTC to the BitCoin address of the cyber-criminals. What is interesting is tht this virus uses Command Prompt in order to display it’s ransom note file that asks victims to contact the crooks on If you are one of the victims of the FINGERPRINT ransomware virus, we advise that you keep reading this article to learn more about this malware plus methods on how to effectively remove it from your computer.

Threat Summary

NameFINGERPRINT Ransomware
TypeRansomware, Cryptovirus
Short DescriptionFINGERPRINT ransomware encrypts the files on the victims computers and then leaves behind a ransom note in Windows Command Prompt.
SymptomsThe ransomware may start to perform series of unwanted activties which lead to the files encrypted with random file extensions and names and the virus displays a ransom note, called “YOUR FILES ARE ENCRYPTED YOUR FINGERPRINT:”
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by FINGERPRINT Ransomware


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss FINGERPRINT Ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

FINGERPRINT Ransomware – How Does It Infect

The infection process of this virus, which as researchers refer to it is LitteFinger( ransomware, may be conduced in more than one way. For starters, it’s main malicious file is detected at VirusTotal to have the following parameters:

→ SHA-256: 6243ddb5f1337118e0a5cb17c326d30d6b90237c316463312e93c45cbe713346
Size:17.5 KB

This executable file may be dropped on the victims’ computers as a result of opening a malicious file, posing as a legitimate document. These files are often spread via fake spam e-mails, like the example below shows:

The e-mails often aim to portray different companies in order to increase the trust in the victim and hence the likelyhood of the victim opening the malicious files, for example:

  • An invoice for a purchase.
  • A receipt of new funds the user has not received.
  • A banking statement of a closed bank account which may not be true at all.

The crooks often use executable files or javascript files that pose as documents in archives that are attached in the e-mail itself. The most recent trend is to use malicious Microsoft Word documents that seem legitimate, but actually trigger malicious Macros, once the victim opens them and enables editing.
This happens in a chain of activities, similar to what the graphic underneath displays:

In addition to via e-mail, the malicious files of this ransomware virus may also be spread by simply posing as legitimate programs or installers of programs and even lincense activators from the likes of game patches, cracks and others.

FINGERPRINT Ransomware – More Information

Upon infection, the malicious file of FINGERPRINT ransomware may drop the payload of the virus, among which is likely the mpsigeng.exe module, repsonsible for file encryption plus other support files, that are likely .dll or .tmp ones. All of the dropped files may exist in the following Windows directories:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%
  • %Temp%

The FINGERPRINT ransomware virus then may perform a check if the virus is running on Virtual Drive or an actual Windows OS. If it’s running on Virtual Box or other virtual environment, the malware may shut down and delete it’s files. If not, however, the virus proceeds by creating a Run or RunOnce value string, which is located in the following sub-keys:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

It’s purpose is to get the .exe file to run automatically when you login Windows.

In addition to this, the FINGERPRINT ransomware may also execute the following commands in Windows Command prompt in order to delete the backups on your computer, mainly the shadow copies:

→ process call create “cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures”

The virus also executes a script that displays it’s ransom note on the victim’s computer. It looks similar to the following image:

Text from image:


SEND 0.01 BTC to address: 30j32910d19dsd92930j0f1230fje0439fs0c0sz



FINGERPRINT Ransomware – Encryption Process

In order to encrypt the files on your computer, the FINGERPRINT ransowmare may use an encryption algorithm which ovewrites key data on the files, such as the file header or parts of the data within the files themselves. The files which are encrypted are usually often used files, like:

  • Documents.
  • Images.
  • Videos.
  • Archives.
  • Virtual Drive files.
  • Other often used files.

Once the FINGERPRINT virus encrypts the files on your computer, the ransomware may not change anything on the file name and the files still seem normal, but they cannot be opened by any particular program. The crooks want a ransom payment of 0.01 BTC to be sent on their address with a transaction ID included. Be advised that as tempting as this may sound, it is not recommended to do that, since sending money is no guarantee that the crooks will send you back a decryptor for your files and more so by paying you support their cyber-criminal activity as well.

Remove Fingerprint Ransomware and Restore Your Data

If your computer has already been infected by this version of the FINGERPRINT virus, you can proceed and remove it by following the removal steps underneath this article. They have been created with the idea to help you remove this ransomware either manually or automatically from your PC. If manual removal is not something you feel confident in, it is advisable that you delete this ransomware virus automatically, preferably by downloading and running a scan of your PC with the aid of an anti-malware software, as many security experts recommend. Such software will not only make sure that the ransomware virus is fully removed from your PC, but will also fully secure your PC against any infections that might occur in the future as well.

If you want to try and restore files, encrypted by this virus, we recommend that you try the alternative methods in step “2. Restore files, encrypted by FINGERPRINT Ransomware.”. They are no guarantee that you will recover all of the files, but they aim to help you to restore as many encrypted files as possible.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share