Remove FLKR Ransomware and Restore _ Files - How to, Technology and PC Security Forum

The ransomware world has brought us yet another child, named FLKR. The virus uses the Blowfish encryption algorithm to encrypt 512 bytes from each file, which is enough to render the files no longer openable. The virus also adds an INSTRUCT.txt file, which displays demands to contact the cyber-criminals behind it and pay a hefty ransom fee to get the files back. In case you have become a victim of the FLKR virus, we urge you not to pay any form of ransom and instead read this article to learn more about the virus, how to remove it, and how to try to restore the files.

Threat Summary

Short Description: The ransomware encrypts files with the Blowfish encryption cipher and asks for a ransom payment of BTC for decryption.
Symptoms: Files are encrypted with Blowfish and become inaccessible, with a ._morf56@meta.ua_ file extension added to them. A ransom note with instructions for paying the ransom appears as an INSTRUCT.txt file.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

FLKR Ransomware – How Did I Get It

As is typical for most ransomware viruses, FLKR uses a common technique to infect users. The virus may spread via phishing e-mails that aim to trick inexperienced users into opening malicious attachments or URLs posted in them. Several examples of subjects used for such phishing e-mails are:

  • “Your PayPal account has been suspended.”
  • “Your eBay purchase has been dispatched.”
  • “There is suspicious activity on your bank account.”
  • “Deadline for paying your fine.”

After the user is tricked into opening the suspicious e-mails, the malware connects to a C2 server from which FLKR’s payload is downloaded. The payload of FLKR consists of the following, located on the system drive:

→ C:\cpqsystem\rel1711\flkr.exe

FLKR Ransomware – Post-Infection Activity

After FLKR Ransomware has dropped its files, the virus may set registry entries for those files to run on system startup. The registry keys that are targeted for this are the following:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

In those keys, value strings may be added whose data holds the location of the malicious executables, so that they may run on startup.
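One way to check the four keys listed above for such entries, as an added example that is not part of the original article. It matches value data against the dropped-file path given earlier on this page; the function name Get-FlkrRunEntry and the output field names are illustrative.

```powershell
# Added example: audit the Run/RunOnce keys named in this article for FLKR persistence.
# Indicators are taken from the article: the dropped file path and its folder.
$DroppedFile = 'C:\cpqsystem\rel1711\flkr.exe'
$Indicators  = @('\cpqsystem\', 'flkr.exe')    # matched case-insensitively

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-FlkrRunEntry {
    foreach ($keyPath in $RunKeys) {
        $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
        if (-not $key) { continue }             # key absent (common for RunOnce)
        foreach ($name in $key.GetValueNames()) {
            # Read the raw data so %VAR% references are shown unexpanded.
            $data = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            foreach ($ioc in $Indicators) {
                if ($data.IndexOf($ioc, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    [pscustomobject]@{ Key = $keyPath; Value = $name; Data = $data; Match = $ioc }
                    break                       # one report per value is enough
                }
            }
        }
    }
}

$hits        = @(Get-FlkrRunEntry)
$filePresent = Test-Path -LiteralPath $DroppedFile

if ($hits.Count -eq 0 -and -not $filePresent) {
    Write-Output 'No FLKR Run/RunOnce entries or dropped file found.'
} else {
    if ($filePresent) { Write-Output "Dropped file present: $DroppedFile" }
    $hits | Format-List
    # Review each hit, then remove it from an elevated prompt, for example:
    #   Remove-ItemProperty -LiteralPath $hit.Key -Name $hit.Value
}
```

The HKCU keys are read for the account running the script, so repeat the check for each user profile on a shared machine.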

As soon as the malicious executable is run, the FLKR virus begins encrypting user data. Amongst the encrypted files are:

  • Videos.
  • Audio files.
  • Microsoft Office documents.
  • Adobe Reader types of files.
  • Files that are associated with databases.
  • Virtual drives.

Interestingly enough, FLKR ransomware skips encrypting .txt, .mp3 and .avi files.

It also skips files in crucial Windows folders, since encrypting them could stop the OS from functioning:

  • %Program Files%
  • %Documents and Settings%
  • %Intel%
  • %Install%
  • %cpqsystem%

After encryption, the virus drops an INSTRUCT.txt file that has the following instructions:

“Information is encrypted with a strong password.
To decrypt it for instructions.
Reserver communication channel – this jabber:
Use jabber only when this conversation via e-mail is not possible”

Affected users have reported that contacting the e-mail address results in the cyber-crooks providing instructions on how to pay a hefty ransom fee to get the files back, which is why experts recommend taking another approach.

Solution to FLKR Ransomware

Before attempting any file restoration or decryption, it is strongly advisable to remove FLKR ransomware from your computer. This is why we have prepared the manual and automatic removal instructions below, and we urge you to follow them. In case you are not experienced in malware removal, we advise using an advanced anti-malware program to get rid of the FLKR-associated files and objects in the Windows Registry automatically and swiftly.

After having removed FLKR completely from your computer, we strongly advise you to see the alternative suggestions on how to restore the Blowfish-encrypted files. But before doing this, we also urge you to back up those encrypted files, since those methods have not been tested for this virus. Then, you can go ahead and try our suggestions in step “2. Restore files encrypted by FLKR Ransomware” below. This is a temporary solution until malware researchers come up with a free decryptor that can restore your files.
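The backup step described above can be scripted as follows; this is an added example, not part of the original article. It assumes encrypted files can be recognised by the morf56@meta.ua marker in their names and that the ransom note is named INSTRUCT.txt, as reported on this page; the function name Backup-FlkrFile, the manifest file name and the paths in the example call are illustrative.

```powershell
# Added example: preserve encrypted files and ransom notes before any restore attempt.
function Backup-FlkrFile {
    param(
        [Parameter(Mandatory)][string]$Root,         # folder to scan, e.g. a user profile
        [Parameter(Mandatory)][string]$BackupRoot,   # destination, ideally on another drive
        [string]$Marker   = 'morf56@meta.ua',        # from the added extension reported in this article
        [string]$NoteName = 'INSTRUCT.txt'           # ransom note name reported in this article
    )
    $rootFull   = (Resolve-Path -LiteralPath $Root).ProviderPath
    $backupFull = [System.IO.Directory]::CreateDirectory($BackupRoot).FullName.TrimEnd('\')

    $rows = @(
        Get-ChildItem -LiteralPath $rootFull -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            # Skip anything already inside the backup folder, then match marker or note.
            -not $_.FullName.StartsWith("$backupFull\", [System.StringComparison]::OrdinalIgnoreCase) -and
            ($_.Name -like "*$Marker*" -or $_.Name -eq $NoteName)
        } |
        ForEach-Object {
            # Recreate the original folder layout under the backup root.
            $relative = $_.FullName.Substring($rootFull.Length).TrimStart('\')
            $target   = Join-Path $backupFull $relative
            [void][System.IO.Directory]::CreateDirectory([System.IO.Path]::GetDirectoryName($target))
            Copy-Item -LiteralPath $_.FullName -Destination $target -Force
            # Hash both copies so the backup can be verified now and later.
            $src = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            $dst = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
            [pscustomobject]@{ Source = $_.FullName; Backup = $target; SHA256 = $src; Verified = ($src -eq $dst) }
        }
    )

    if ($rows.Count -gt 0) {
        $rows | Export-Csv -LiteralPath (Join-Path $backupFull 'manifest.csv') -NoTypeInformation
    }
    $rows
}

# Example call (paths are placeholders); lists any copy whose hash did not match:
# Backup-FlkrFile -Root 'C:\Users\alice' -BackupRoot 'E:\flkr-backup' | Where-Object { -not $_.Verified }
```

Run it only after the removal steps are complete, and keep the backup on media that is disconnected afterwards.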


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
