The ransomware world has brought us yet another child, named FLKR. The virus uses the Blowfish encryption algorithm to encrypt 512 bytes of each file, which is enough to render the files no longer openable. The virus also adds an INSTRUCT.txt file that displays demands to contact the cyber-criminals behind it and pay a hefty ransom fee to get the files back. In case you have become a victim of the FLKR virus, we urge you not to pay any form of ransom and to read our article to learn more about the virus, how to remove it and how to try to restore the files.
|Short Description||The ransomware encrypts files with the Blowfish encryption cipher and asks for a ransom payment of BTC for decryption.|
|Symptoms||Files are encrypted with Blowfish encryption and become inaccessible, with an added [email protected]_ file extension. A ransom note with instructions for paying the ransom appears as an INSTRUCT.txt file.|
|Distribution Method||Spam Emails, Email Attachments, File Sharing Networks.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.|
FLKR Ransomware – How Did I Get It
Like most ransomware viruses, FLKR uses a typical technique to infect users. The virus may spread via phishing e-mails that aim to trick inexperienced users into opening malicious attachments or URLs posted in them. Several examples of subject lines used in such phishing e-mails are:
- “Your PayPal account has been suspended.”
- “Your eBay purchase has been dispatched.”
- “There is suspicious activity on your bank account.”
- “Deadline for paying your fine.”
After the user is tricked into opening the suspicious e-mail, the malware connects to a C2 server from which FLKR’s payload is downloaded. The payload of FLKR consists of the following files, located on the system drive:
FLKR Ransomware – Post-Infection Activity
After FLKR Ransomware has dropped its files, the virus may set registry entries for those files to run on system startup. The registry keys that are targeted for this are the following:
In those keys, value strings may be added whose data is set to the location of the malicious executables, so that they may run on startup.
As soon as the malicious executable is run, the FLKR virus begins encrypting user data. Amongst the encrypted files are:
- Audio files.
- Microsoft Office documents.
- Adobe Reader types of files.
- Files that are associated with databases.
- Virtual drives.
Interestingly enough, FLKR ransomware skips encrypting .txt, .mp3 and .avi files.
It also skips encrypting files in crucial Windows folders that may stop the functioning of the OS:
- %Program Files%
- %Documents and Settings%
After encryption, the virus drops an INSTRUCT.txt file that has the following instructions:
Affected users have reported that contacting the e-mail address results in the cyber-crooks providing instructions on how to pay a hefty ransom fee to get the files back, which is why experts recommend taking another approach.
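To gauge how many files were hit, the traits described above can be checked read-only. The Python script below is an added example, not part of the original article or of any vendor tool: it looks for the INSTRUCT.txt note and for known file types whose first 512 bytes have lost their signature and look random. It assumes the 512 encrypted bytes sit at the start of each file; the signature table, the 7.0 entropy threshold and the function names are likewise assumptions made for illustration.

```python
import math
import os
from collections import Counter

HEADER_LEN = 512            # article: 512 bytes per file are encrypted (assumed: the first 512)
NOTE_NAME = "instruct.txt"  # ransom note named in the article, lower-cased for comparison
# Assumption: well-known signatures, not from the article; .txt/.mp3/.avi omitted (FLKR skips them).
MAGIC = {"pdf": b"%PDF", "docx": b"PK\x03\x04", "xlsx": b"PK\x03\x04",
         "zip": b"PK\x03\x04", "png": b"\x89PNG", "jpg": b"\xff\xd8\xff"}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; random data approaches 8.0."""
    n = len(data)  # empty input: the sum below has no terms and yields 0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def expected_magic(name: str):
    """Find the original file type even when an extra extension was appended."""
    for part in reversed(name.lower().split(".")[1:]):
        if part in MAGIC:
            return MAGIC[part]
    return None


def header_damaged(path: str, threshold: float = 7.0) -> bool:
    """True if a known type lost its signature and its first 512 bytes look random."""
    magic = expected_magic(os.path.basename(path))
    if magic is None:
        return False
    try:
        with open(path, "rb") as fh:
            head = fh.read(HEADER_LEN)
    except OSError:
        return False  # unreadable file: cannot judge, do not flag
    return not head.startswith(magic) and entropy(head) >= threshold


def triage(root: str) -> dict:
    """Read-only walk: collect ransom notes and files with a damaged header."""
    report = {"notes": [], "damaged": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            if name.lower() == NOTE_NAME:
                report["notes"].append(full)
            elif header_damaged(full):
                report["damaged"].append(full)
    return report
```

Calling `triage(r"D:\evidence_copy")` on a copy of the affected data returns the paths of ransom notes and of files whose header appears encrypted; run it against a backup or disk image rather than the live system.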
Solution to FLKR Ransomware
Before attempting any file restoration or decryption, it is strongly advisable to remove FLKR ransomware from your computer. This is why we have prepared the manual and automatic removal instructions below, and we urge you to follow them. In case you are not experienced in malware removal, we advise using an advanced anti-malware program to get rid of the FLKR-associated files and objects in the Windows Registry automatically and swiftly.
After having removed FLKR completely from your computer, we strongly advise you to see the alternative suggestions on how to restore the Blowfish-encrypted files. But before doing this, we also urge you to back up those encrypted files, since those methods have not been tested for this virus. Then, you can go ahead and try our suggestions in step “2. Restore files encrypted by FLKR Ransomware” below. This is a temporary solution until malware researchers come up with a free decryptor to restore your files.