Remove IFN643 Virus and Restore .ifn643 Files - How to, Technology and PC Security Forum | SensorsTechForum.com
Remove IFN643 Virus and Restore .ifn643 Files

IFN643 is the name of a newly found ransomware virus. It encrypts your files and appends the .ifn643 extension to them. After the encryption process is finished, it drops a file named “IFN643_Malware_Readme”. That file contains the ransom demand, which is for 1000 US dollars to be sent to a Bitcoin address. To see how to remove this ransomware and how you can try to restore your data, read the whole article.

Threat Summary

Name: IFN643 Virus
Type: Ransomware, Cryptovirus
Short Description: The ransomware encrypts your data and then shows a ransom message with instructions.
Symptoms: Your files become inaccessible. The .ifn643 extension will be appended to them after encryption.
Distribution Method: Spam Emails, Email Attachments, Executables

IFN643 Ransomware – Spread

The IFN643 ransomware could reach your computer by a few different methods. Spam email campaigns are likely among the top distributors of its payload file. Such emails are designed to make you think that the message is of great importance and that you need to open the file attached to it. Upon opening the attached file, your computer will become infected with the malicious code contained inside. The payload could be executed from an executable file, much like the example from the VirusTotal website given below. One such file is named spoolpdf.exe.

[Image: VirusTotal detections for spoolpdf.exe]

Other ways of spreading the IFN643 virus exist as well. For instance, the makers of the ransomware might be delivering the payload file through file-sharing and social media networks. That payload might be disguised as a useful program or file on such platforms for the purpose of infecting more users. You should not open files if they originate from suspicious places, such as unknown emails and links. Before opening them, you should always scan them with security software and check their size and signatures. You should also read the tips for preventing ransomware thread on our forum.

IFN643 Ransomware – Description

A new ransomware cryptovirus has been found recently, and it goes by the name of IFN643. Karsten Hahn, a malware researcher from G-data, has discovered a malware sample in the wild. The ransomware can launch from a .pdb file. It encrypts your files and puts an extension of the same name on them. A ransom note appears as a lock screen.

After the IFN643 ransomware executes its payload, it could make entries in the Windows Registry to become more persistent. The registry entries are designed to make the virus start automatically each time the Windows operating system boots. Next, your files get encrypted, and then the ransom note is displayed on your desktop. The ransom note is in a file called IFN643_Malware_Readme.txt.

You can view the ransom note from the snippet below:

[Image: IFN643_Malware_Readme ransom note]

The ransom text reads the following:

Your most critical files have been encrypted 🙂

Send $1000 in Bitcoin to udKNOr3FVaibcNY9ygVhygNfdKIojmVA93A if you need them back.

The ransom note seems short – the price asked is 1000 US dollars. The address given for payment seems off. Do NOT even think of paying the demanded ransom. Nobody can guarantee that by paying you will recover your files. Besides, the criminals will use the money to fund a new ransomware project or other criminal activity.

Currently, a full list of the file extensions which the ransomware seeks to lock is not available, but the few listed below are certainly encrypted:

.doc, .docm, .docx, .ppt, .pps, .pptx, .xls, .xlsx, .jpg, .png, .txt, .rtf, .odt, .psd

Each encrypted file will have the .ifn643 extension appended after its original name. The encryption process utilizes the well-known AES encryption algorithm. The ransomware has the same name as the extension it puts on locked files.
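To measure how far the encryption has reached, a folder tree can be swept for the two file-name indicators described above. The following is an added example, not code from the original article or from any vendor tool; the function names and the sample tree are constructed for illustration, and only the extension, note name and target list come from the text.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".ifn643"            # extension named in the article
NOTE_STEM = "ifn643_malware_readme"     # ransom note name from the article
# Extensions the article lists as confirmed targets (the full list is unknown).
KNOWN_TARGETS = {".doc", ".docm", ".docx", ".ppt", ".pps", ".pptx", ".xls",
                 ".xlsx", ".jpg", ".png", ".txt", ".rtf", ".odt", ".psd"}


def scan_tree(root):
    """Walk root and report encrypted files, ransom notes and a per-type tally."""
    encrypted, notes, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            if lower.endswith(ENCRYPTED_SUFFIX) and len(lower) > len(ENCRYPTED_SUFFIX):
                # Strip the appended extension to recover the original file name.
                original = name[:-len(ENCRYPTED_SUFFIX)]
                ext = os.path.splitext(original)[1].lower()
                # Types outside the article's list are still reported, as "other".
                by_type[ext if ext in KNOWN_TARGETS else "other"] += 1
                encrypted.append((path, original))
            elif os.path.splitext(lower)[0] == NOTE_STEM:
                # Matches the note with or without the .txt extension.
                notes.append(path)
    return {"encrypted": encrypted, "notes": notes, "by_type": dict(by_type)}


def build_sample_tree():
    """Constructed sample data: empty files that only mimic the naming pattern."""
    root = tempfile.mkdtemp(prefix="ifn643_demo_")
    os.makedirs(os.path.join(root, "Documents", "reports"))
    for rel in ("Documents/budget.xlsx.ifn643", "Documents/reports/q1.docx.ifn643",
                "Documents/archive.zip.ifn643", "Documents/notes.txt",
                "IFN643_Malware_Readme.txt"):
        open(os.path.join(root, *rel.split("/")), "w").close()
    return root


if __name__ == "__main__":
    result = scan_tree(build_sample_tree())
    print(len(result["encrypted"]), "encrypted;", len(result["notes"]), "note(s)")
    print(result["by_type"])
```

The scan only reads file names, so it can be run against a mounted disk image or a backup share without touching file contents.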

The IFN643 ransomware is highly likely to erase the Shadow Volume Copies from the Windows operating system with the following command:

→vssadmin.exe delete shadows /all /Quiet
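Because this command destroys the easiest recovery path, it is worth alerting on in process-creation logs. The sketch below is an added example, not part of the original article: the event tuples, host names and paths are constructed sample data, and the severity labels are an assumption of this example.

```python
def classify(cmdline):
    """Return None if benign, else which vssadmin delete switches were used."""
    # Dropping quotes before splitting also covers cmd.exe /c "..." wrappers.
    tokens = cmdline.replace('"', " ").lower().split()
    for i, tok in enumerate(tokens):
        image = tok.replace("/", "\\").rsplit("\\", 1)[-1]   # basename of a path
        if image in ("vssadmin", "vssadmin.exe"):
            args = tokens[i + 1:]
            if "delete" in args and "shadows" in args:
                return {"all": "/all" in args, "quiet": "/quiet" in args}
    return None


def detect(events):
    """Turn (host, parent image, command line) records into alerts."""
    alerts = []
    for host, parent, cmdline in events:
        hit = classify(cmdline)
        if hit:
            # /all together with /quiet is the exact pattern quoted in the article;
            # other deletions (e.g. a backup agent pruning) go to manual review.
            severity = "high" if hit["all"] and hit["quiet"] else "review"
            alerts.append((host, severity, parent, cmdline))
    return alerts


# Constructed process-creation records, not real telemetry.
SAMPLE_EVENTS = [
    ("WS-014", r"C:\Users\demo\Downloads\spoolpdf.exe",
     "vssadmin.exe delete shadows /all /Quiet"),
    ("WS-014", r"C:\Windows\System32\cmd.exe",
     r'cmd.exe /c "C:\Windows\System32\VSSADMIN.EXE" Delete Shadows /All /quiet'),
    ("SRV-02", r"C:\Windows\System32\cmd.exe", "vssadmin list shadows"),
    ("SRV-02", r"C:\Program Files\Backup\agent.exe",
     "vssadmin delete shadows /for=D: /oldest"),
    ("WS-020", r"C:\Windows\explorer.exe",
     "notepad.exe vssadmin-delete-shadows-notes.txt"),
]

if __name__ == "__main__":
    for host, severity, parent, cmdline in detect(SAMPLE_EVENTS):
        print(f"[{severity}] {host}: {cmdline} (parent: {parent})")
```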

Keep on reading to see what kinds of methods you can try to possibly restore your files.

Remove IFN643 Virus and Restore .ifn643 Files

If your computer got infected with the IFN643 ransomware virus, you should have some experience in removing malware. You should get rid of this ransomware as fast as possible, before it has the chance to spread further and infect more computers. You should remove the ransomware by following the step-by-step instructions given below. To see ways that you can try to recover your data, see the step titled 2. Restore files encrypted by IFN643 Virus.

To remove IFN643 Virus follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove IFN643 Virus files and objects
2. Find files created by IFN643 Virus on your PC
3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by IFN643 Virus

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.
