Remove Facebook Ransomware (.Facebook Extension)


This article explains the issues that occur in case of infection with Facebook ransomware and provides a complete guide on how to remove malicious files and how to potentially recover files encrypted by this ransomware.

Facebook ransomware is a crypto infection that invades computer systems in order to encrypt predefined types of files. If it has managed to infect your system, you cannot use the system normally until you remove all malicious files and objects created by the ransomware. The most devastating impact, however, is the corruption of valuable data. Many of your files will remain inaccessible unless you apply an effective method to restore them. We advise you to avoid paying the ransom and to use alternative data recovery methods instead.

Threat Summary

Name: Facebook Ransomware
Type: Ransomware, Cryptovirus
Short Description: A data locker ransomware that uses a strong cipher algorithm to encrypt files stored on the infected computer. It then demands a ransom for a decryption solution.
Symptoms: Important files are locked and renamed with the .Facebook extension. Hackers demand a ransom payment.
Distribution Method: Spam Emails, Email Attachments

Facebook Ransomware – Distribution

As revealed by analyses of Facebook ransomware samples, the infection process is triggered by an executable file called Facebook.exe. This file could be delivered to computer systems via shady distribution techniques like malspam, malvertising, software bundling and compromised websites.

We presume that malspam is the main distribution channel used by the authors of Facebook ransomware. Malspam, meaning emails that deliver malicious code to users’ devices, is a technique used by the majority of actors who spread ransomware infections. Below are some traits that can help you detect an email that attempts to trick you into running malicious code on your device.

The first one is the presence of a file attachment. This file is likely to be of a commonly used type, so that you are more likely to download it without suspecting that it is malicious. In addition, the message text may urge you to review it as soon as possible because of the importance of its contents. If you get tricked into opening the file on your device, you unintentionally activate the infection process.

Another trait of an email that attempts to trick you into infecting your device with ransomware is the presence of a URL. This URL usually leads to a web page that is designed to drop and activate the infection directly on your machine.

The tricky part with all these emails is that they often pose as messages from representatives of legitimate institutions. So we advise you to read each email you receive carefully before you take any further action. You can also check the security status of attachments and links with the help of online malware scanners such as ZipeZip and VirusTotal.

Facebook Ransomware – Overview

Facebook ransomware is yet another crypto virus that has recently been detected on the malware scene. This is not the first time that the name of a well-known company such as Facebook has been involved in the malicious activities of hacker collectives, whether on the platform or outside it. A variety of Facebook viruses are lurking across the largest social media platform on a daily basis.

This time the name of the company, as well as its distinctive features including its logo and dominant color, are associated with one of the most devastating types of malware – ransomware. The infection process with Facebook ransomware begins when its payload is started on the system. This file contains information on how to access various system components needed for the successful completion of the attack.

At first, it is likely to initiate the creation of additional malicious files on the system. Besides creating them directly on the system, the ransomware may also connect to its command and control server and download the files it needs. These files may be located in some of the following system folders:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%
  • %Temp%
  • %Windows%

When Facebook ransomware has all its files established on the system, it can continue with further malicious activities. Some of the changes known to support its infection process affect the Windows Registry. The Registry is a hierarchical database that stores information about essential system settings that control the regular operation of the system.

There are two registry sub-keys that are regularly affected in case of a ransomware attack. These keys are Run and RunOnce. The reason is that these keys are used for the automatic execution of files and processes each time the operating system loads. Once Facebook ransomware adds malicious values there, it is able to run each time you switch on your device. We recommend that you check these registry keys and ensure that no malicious values abuse them.
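One way to run that check from a PowerShell prompt, as an added example that is not part of the original article: it lists Run and RunOnce values whose command launches from the per-user folders named above or references Facebook.exe. The mapping of the article's folder names to AppData subfolders and the inclusion of the WOW6432Node keys are assumptions.

```powershell
# Added example: list Run/RunOnce autostart values that deserve a manual review.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: the article's %AppData%, %Local%, %LocalLow%, %Roaming% and %Temp%
# refer to the per-user AppData subfolders and Temp directories.
# %Windows% is left out because legitimate autostart entries live there.
$pattern = '\\AppData\\(Roaming|Local|LocalLow)\\|\\Temp\\|\\Facebook\.exe'

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        # Expand %VAR% references so REG_EXPAND_SZ data is compared as a real path.
        $command = [Environment]::ExpandEnvironmentVariables([string]$regKey.GetValue($name))
        if ($command -match $pattern) {      # -match is case-insensitive
            [pscustomobject]@{
                Key     = $key
                Value   = $name
                Command = $command
                Reason  = $Matches[0]
            }
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    Write-Output 'No Run/RunOnce value points into AppData, Temp or Facebook.exe.'
}
```

Legitimate software also autostarts from AppData, so each hit is a candidate for review, not proof of infection.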

All initial system modifications are applied so that Facebook ransomware can reach its main infection stage, data encryption. The details of the encryption are covered in the next section; here we continue with what happens after this process. The primary purpose of this threat is to extort a ransom payment from its victims. So once it encrypts the target files, it drops a ransom note file that looks like this:

[Image: Facebook ransomware ransom note]

This message appears on your screen in an attempt to force you to contact the hackers and ask them for further details on data restoration and ransom payment. At this point, it is known that the hackers who stand behind this nasty Facebook ransomware demand 0.29 BTC, which can currently be obtained for around 975 USD.

Beware that there is no evidence of their decrypter being an efficient one. So paying the ransom may not guarantee the recovery of your .Facebook files.

Facebook Ransomware – Encryption Process

Security researchers have identified that this Facebook crypto virus is based on the code of the popular ransomware family HiddenTear. The bad news is that it uses the sophisticated cipher algorithm AES to encrypt target files, a process that leaves them unusable. The good news is that many ransomware strains that belong to the same family have been successfully decrypted by security experts. This one will soon be decrypted as well.

As for the types of files targeted by Facebook ransomware, they may be all of the following:

  • Audio files
  • Video files
  • Document files
  • Image files
  • Backup files
  • Banking credentials, etc

You cannot miss corrupted files, as they are all marked with the distinctive extension .Facebook. In fact, this is not the first ransomware associated with this extension. Back in May we reported the FBLocker virus, which also uses the .facebook extension, with the difference that the first letter is lower case.

Remove Facebook Ransomware and Restore .Facebook Files

The so-called Facebook ransomware is a threat with highly complex code that plagues not only your files but your whole system. So the infected system should be cleaned and secured properly before you use it regularly again. Below you can find a step-by-step removal guide that may be helpful in attempting to remove Facebook ransomware. Choose the manual removal approach if you have previous experience with malware files. If you don’t feel comfortable with the manual steps, select the automatic section of the guide. The steps there enable you to check the infected system for ransomware files and remove them with a few mouse clicks.

In order to keep your system safe from ransomware and other types of malware in the future, you should install and maintain a reliable anti-malware program. An additional security layer that could prevent ransomware attacks is an anti-ransomware tool.

Make sure to read carefully all the details mentioned in the step “Restore files” if you want to understand how to fix encrypted files without paying the ransom. Before starting the data recovery process, back up all encrypted files to an external drive, as this will prevent their irreversible loss.
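The backup step described above, as an added example that is not part of the original guide: it copies every file carrying the extension to a backup folder, keeps the relative paths, and writes a SHA-256 manifest that separates .Facebook from the lower-case .facebook of FBLocker. The script name in the usage note, the default source folder and the E:\ destination are assumptions.

```powershell
# Added example: back up encrypted files before any recovery attempt.
param(
    [string]$Source = $env:USERPROFILE,              # assumed folder to search
    [string]$Backup = 'E:\facebook-encrypted-backup' # hypothetical external drive
)

New-Item -ItemType Directory -Path $Backup -Force | Out-Null
$sourceRoot = (Resolve-Path -Path $Source).Path.TrimEnd('\')
$manifest   = Join-Path $Backup 'manifest.csv'

Get-ChildItem -Path $sourceRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -ieq '.facebook' } |   # any casing of the extension
    ForEach-Object {
        # Rebuild the file's relative path below the backup folder.
        $relative = $_.FullName.Substring($sourceRoot.Length).TrimStart('\')
        $target   = Join-Path $Backup $relative
        New-Item -ItemType Directory -Path (Split-Path $target -Parent) -Force | Out-Null
        Copy-Item -LiteralPath $_.FullName -Destination $target

        # Windows matches file names case-insensitively, so compare case-sensitively
        # to tell the two strains named in the article apart.
        $variant = switch -CaseSensitive ($_.Extension) {
            '.Facebook' { 'Facebook ransomware (.Facebook)' }
            '.facebook' { 'FBLocker (.facebook)' }
            default     { 'other casing' }
        }

        [pscustomobject]@{
            Path    = $_.FullName
            Variant = $variant
            Bytes   = $_.Length
            SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } |
    Export-Csv -Path $manifest -NoTypeInformation -Encoding UTF8

Write-Output "Manifest written to $manifest"
```

Saved as a script (for example Backup-EncryptedFiles.ps1, a hypothetical name), it accepts -Source and -Backup to point at other folders.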

Note! Your computer system may be affected by Facebook Ransomware and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as Facebook Ransomware.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove Facebook Ransomware follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Facebook Ransomware files and objects
2. Find files created by Facebook Ransomware on your PC

Before starting the Automatic Removal below, please boot back into Normal mode, in case you are currently in Safe Mode.
This will enable you to install and use SpyHunter 5 successfully.

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
Gergana Ivanova

Gergana has completed a bachelor degree in Marketing from the University of National and World Economy. She has been with the STF team for three years, researching malware and reporting on the latest infections. She believes that in times of constantly evolving dependency of network connected technologies, people should spread the word not the war.
