‘FBLocker’-Threat In Detail
FBLocker is a new Facebook-themed ransomware that encrypts the data on the target PC and appends the .facebook file extension. The encrypted files are no longer accessible to the user. The main intention of the ransomware is not only to demand a ransom; it is more about showing hatred toward the Facebook social networking site. For that reason, FBLocker does not save any decryption key for the encrypted files. It uses a multi-layer encryption process that generates a separate key for each encrypted file, so victims have no option to recover the files even after paying the ransom.
The payload of FBLocker is distributed under the name of a genuine Windows file, “SvcHost.exe”. The infection can arrive through spam mail attachments that appear in your inbox with subjects such as “URGENT” or “IMPORTANT”. The spammers may also use the names of genuine companies such as Microsoft, or present the mail as an invoice from Amazon. Users readily trust such spam and click the attachment to download it to their PC.
The fake SvcHost.exe file is also disguised as a Windows update. You may receive pop-ups while visiting an infected website that ask you to “Update your Windows”. As soon as the user clicks the update button or link, it redirects to a fake website offering a Microsoft Windows Operating System installer.
If the user downloads and runs the file, the malicious svchost.exe payload is executed on the system. It then starts encrypting data such as documents, photos, videos and PDFs with multi-layered cryptography and appends the “.facebook” file extension to them. FBLocker also tampers with other crucial Windows components, such as the Windows Registry, other executable files, Windows boot processes and anti-virus programs.
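The two traits described above (a payload named after the genuine svchost.exe and files renamed with the .facebook extension) can be checked with a short triage script. This is an added example, not code from the article or from any vendor tool; the function names and the sample process listing are constructed for illustration, and it assumes Windows is installed in C:\Windows, where the genuine svchost.exe lives in System32 or SysWOW64.

```python
import ntpath
import os

LOCKED_EXT = ".facebook"   # extension the article says FBLocker appends
DISGUISE = "svchost.exe"   # genuine Windows file name the payload borrows

def is_masquerading_svchost(image_path, system_root=r"C:\Windows"):
    """True when an image named svchost.exe sits outside System32/SysWOW64."""
    # ntpath parses Windows paths on any OS; normpath collapses "..",
    # normcase lowercases and unifies slashes, so case tricks do not matter.
    path = ntpath.normcase(ntpath.normpath(image_path))
    if ntpath.basename(path) != DISGUISE:
        return False
    root = ntpath.normcase(ntpath.normpath(system_root))
    trusted = {ntpath.join(root, "system32"), ntpath.join(root, "syswow64")}
    return ntpath.dirname(path) not in trusted

def find_locked_files(top):
    """Return every file under `top` whose name ends in .facebook."""
    hits = []
    for folder, _dirs, files in os.walk(top):
        for name in files:
            if name.lower().endswith(LOCKED_EXT):
                hits.append(os.path.join(folder, name))
    return sorted(hits)

def triage(processes, top):
    """Combine both checks into one report for a host."""
    suspects = [p for p in processes if is_masquerading_svchost(p["image"])]
    return {"suspect_processes": suspects, "locked_files": find_locked_files(top)}

# Constructed sample process listing (pid + image path), not real telemetry.
SAMPLE_PROCESSES = [
    {"pid": 812, "image": r"C:\Windows\System32\svchost.exe"},
    {"pid": 4312, "image": r"C:\Users\alice\Downloads\SvcHost.exe"},
    {"pid": 5120, "image": r"C:\Program Files\Editor\editor.exe"},
]

if __name__ == "__main__":
    report = triage(SAMPLE_PROCESSES, os.path.expanduser("~"))
    for proc in report["suspect_processes"]:
        print("svchost.exe outside system directories:", proc["pid"], proc["image"])
    print(len(report["locked_files"]), "files carry the", LOCKED_EXT, "extension")
```

On a live host, feed `triage` the real process list (PID and image path) exported from your EDR or process tooling instead of the constructed sample.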
FBLocker ransomware leaves a ransom note on the lock screen that includes a photo of Mark Zuckerberg. The note was originally written in Russian and then translated to English using Google Translate.
The note states:
What Happened to My Computer?
Your important files are encrypted. Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Do not waste your time looking for a way to recover your files. Nobody can recover your files.
Can I Recover My Files?
No. My name is Mark Zuckerberg, and I have encrypted your files without saving any encryption keys. I appreciate you executing my program because you have allowed me to ruin more lives.
“A squirrel dying in front of your house may be more relevant to your interests right now than people dying in Africa.”
Unfortunately, the ransomware stores no encryption keys anywhere, not even on the developers' remote servers. The developers of this ransomware are very skilled: they used a multi-layered encryption process and locked each file with a unique key. So there is no way to recover the files; however, you can attempt to recover the data with some of the renowned software programs explained at the end of the article.
Removing the FBLocker ransomware from an infected PC is a tricky process too, as it shuts down the installed anti-virus programs. You therefore need to reboot your PC into “Safe Mode with Networking” and then download the anti-virus program provided below to detect and remove this threat.