Remove EnkripsiPC Ransomware and Restore .fucked Files

Remove EnkripsiPC Ransomware and Restore .fucked Files

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Attention! This article will aid you remove EnkripsiPC ransomware totally. Follow the ransomware removal instructions provided in the end of the article.

EnkripsiPC is a ransomware that is believed to be based on the M4N1F3STO and Detox ransomware viruses. Your files will get encrypted with the .fucked extension being added to all files after the process is finished. The ransom message that is displayed afterward is written in the Indonesian language. Also, the codename of the virus is Indonesian Ransomware Version 3 or IDRANSOMv3 for short. Read on to see ways you can try to restore your files.

Update! There is now a decryptor tool for this ransomware! The tool was created by the malware researcher Michael Gillespie and can be downloaded from the following link, wrapped inside a .zip archive: StupidDecrypter.

Threat Summary

Short DescriptionThe ransomware locks your screen and shows a ransom message with instructions for paying.
SymptomsThe ransomware will lock your desktop and encrypt your files with the .fucked extension. The criminals demand between 1 and 1,8 Bitcoin as a ransom payment.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by EnkripsiPC


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss EnkripsiPC.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

EnkripsiPC Ransomware – Distribution

EnkripsiPC ransomware could be distributed via different ways. Usually, there is a payload file that executes a malicious script which infects your computer. You can see the analysis of VirusTotal of such an executable file for this virus that contains its payload, from the image down here:

EnkripsiPC ransomware could be distributing that payload file on social media networks and such for file-sharing. Some legitimate applications might contain the malicious payload script. Big number of freeware and bundled applications could be promoted as useful on the Web but could be hiding the malicious script in question. Refrain from opening files from suspicious sources such as e-mails or links, especially not right after downloading them. First, you should perform a scan with a security application and check their size and signatures for anything dubious. You should read the ransomware prevention tips from the corresponding forum topic.

EnkripsiPC Ransomware – Analysis

The EnkripsiPC is a screenlocker ransomware that is also a cryptovirus. It will encrypt files on your computer with the same extension. Malware researchers believe that the virus stems from the “M4N1F3STO ransomware” or even “DetoxCrypto ransomware”.

EnkripsiPC ransomware could create entries in the Windows Registry to achieve perseverance. Such registry entries are designed in such a way that will make the virus launch automatically with each boot of the Windows Operating System. In this way, the lockscreen remains, and you won’t be able to get past it.

The codename for the EnkripsiPC virus is Indonesian Ransomware Version 3 or IDRANSOMv3 for short, as it can be seen from its code:

The ransom note will appear with the screenlocker inside a window. The message includes what the ransom sum is, along with the other instructions and demands of the cybercriminals for decrypting your files. You can check out the ransom message and the lockscreen right here below:

The ransom note reads the following:

Assalamualaikum Wr Wb
Kami telah Mengenkripsi semua file anda
alhasil file anda TIDAK BISA DIBUKA
dan semua file anda berekstensi .fucked
untuk mengembalikan semua file anda
silahkan bayar kepada kami agar kami
memberikan kode untuk mengembalikan
semua file anda
jika anda diam saja tidak melakukan apa apa
data anda tidak akan pemah bisa dibuka
sampai anda membayar kepada kami
itu saja sekiian dari kami
wassalamualaikum wr wb

button “Kembalikan File Saya!”

Cara Mengembalikan File Anda
1. Silahkan Minta Kode Pembuka Kepada Kontak Berikut
LINE: manusiapartGS
Facebook: muhammad.f.nazeeh
Youtube: humanpuff69
muhlubaid69@gmail .com
2. Bayar Denda Sesuai yang disuruh
Biaya Pengembalian file:
Rp 50.000 – Rp 100.000
3. Setelah melakukan pembayaran anda akan diberi kode untuk dimasukan dibawah sini untuk mengembalikan file anda…
button “BUKA”

A rough translation of that note would be the following:

EnkripsiPC (PC Encryption)
All your files are encrypted
Assalyamaleykum Wr Wb (User)
We encrypt all files
therefore, your files can not be opened
and all your files with the extensions .fucked
to restore all the files
Please send us, so that we
provided the code to restore
all your files
If you say something you do not do anything
never be disclosed in your data
as long as you do not pay us
it’s just so many of us do
Vassalamaleykum Wr Wb (User)

“Restore my files!” Button

How to recover files
1. Ask for an unlock code here to contact
LINE: manusiapartGS
Facebook: muhammad.f.nazeeh
Youtube: humanpuff69
muhlubaid69 @ gmail .com
ID KOMPUTER = [Different for every PC] 2. Contribute to the redemption of this amount:
Rp 50.000 – Rp 100.000
3. If this is done the billing code will be provided to you, which you must enter here to restore files
[Click “BUKA” button]

The demanded sum of money to be paid to the cyber crooks is between 50,000 to 100,000 Indonesian Rupiah. In US currency that amount is up to 7 ~ 8 dollars. You should NOT under any circumstances pay the cybercriminals. That will only support them financially.

There is also this notification window that shows when the ransomware is launched normally:

A rough translation in English would be:

This app was launched with limited rights.
For it to work properly required
Run it as administrator.

There is an unlock code that is based on the name of your computer (and that name also appears in the ransom message). The malware researcher Michael Gillespie has found out that the EnkripsiPC ransomware is probably fully decryptable, so if your PC is infected with it, you should wait for an official decryptor tool to be released.

Files are encrypted while the extension .fucked is appended as a secondary extension after their original one. Continue reading to see if you can unlock some of your files and wait for a decryptor tool to come out.

Remove EnkripsiPC Ransomware and Restore .fucked Files

If your computer got infected with the EnkripsiPC ransomware virus, you should have some experience in removing malware. You should get rid of this ransomware as fast as possible before it can have the chance to spread further and infect more computers. You should remove the ransomware and follow the step-by-step instructions guide given below.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts


  1. Avatarsatrio wahyutomo

    Umm just for your information Rp is Indonesian Rupiah and NOT Indian Rupees. So actually the hacker only ask you for max IDR100.000 or only USD$10 :3 well its the truth

    1. SensorsTechForumSensorsTechForum

      Hi Satrio,

      Thank you for pointing this out :)


Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share