Faizal Ransomware

Faizal Ransomware Description

The Faizal Ransomware is an encryption Trojan that surfaced on April 19th, 2017. The threat at hand may be distributed to members of the PC gaming community who like car racing. We have received reports that the Faizal Ransomware may be provided to users as an installer package named 'Street Racing Club - SETUP.exe,' which is supposed to include a copy of the 'Street Racing Club' game by GameHitStudio. Unfortunately, gamers may download a corrupted copy of 'Street Racing Club - SETUP.exe' and install the Faizal Ransomware on their PCs. Preliminary analysis showed that the Faizal Ransomware might be aimed at users in Southeast Asia considering that most infections are based in Indonesia, and the ransom request is written in Indonesian. However, the campaign to spread the Faizal Ransomware may expand to countries in Europe, Central Asia, and North America in a few hours.

Computer security analysts warn that the Faizal Ransomware is based on the HiddenTear project and can encrypt files on the local disks, removable storage, and network shares connected to the machine. When the Faizal Ransomware Trojan is installed on the PC, it may run as 'hidden-tear.exe' from the AppData directory and attempt to delete recovery copies of your data such as the Shadow Volume Copies within Windows and archive vaults made with third-party tools. The Faizal Ransomware is reported to attach the '.gembok' suffix to files it has encrypted. The word 'gembok' translates in English from Indonesian as 'locked.' Thus, 'Anggrek Pria Telanjang.png' is renamed to 'Anggrek Pria Telanjang.png.gembok' or in English 'The Naked Man Orchid.png' becomes 'The Naked Man Orchid.png.locked.' The demands of the crypto-threat authors are presented as 'PENTING !!!.htm,' which translates into English as 'Important !!!.htm.' The file is essentially an offline Web page that serves as the ransom note. The document packed as 'PENTING !!!.htm' offers a short message that says (translated version):

'Your files, documents and folders have been LOCKED with a special security system!
To unlock, you need to send a voucher code of 100,000 rupees to the email address: leprogames777@gmail.com'

Evidently, the Faizal Ransomware works the same way as the 'fantomd12@yandex.ru' Ransomware and the 'grapn206@india.com' Ransomware. Infected users are directed to buy a voucher priced at 100,000 Indonesian Rupees that is equal to 7,50 USD. To put the ransom fee into perspective — the average salary in Indonesia for 2016 is 16,220,439 IDR that is 1216 USD. As you can imagine it is not unreasonable to say that the fee is more than generous, but the act of data corruption performed by the Trojan remains an actionable offense. PC users that are willing to protect their data against the Faizal Ransomware should make backups regularly and protect their systems using a trusted anti-malware shield. AV tools may detect the objects related to the Faizal Ransomware as:

  • HEUR:Trojan.Win32.Generic
  • MSIL:Ransom-J [Trj]
  • Ransomware-FTD!09673269B81B
  • TrojWare.MSIL.Ransom.Ryzerlo.A
  • Trojan ( 004cd5d01 )
  • Trojan.Filecoder!cNOmufmPGxg
  • Trojan.Ransom.HiddenTears.1
  • Trojan.Win32.Z.Ransom.3095040[h]
  • W32/Generic.A!tr
  • W32/Ransom.YVOI-7852

Infected with Faizal Ransomware? Scan Your PC for Free

Download SpyHunter's Spyware Scanner
to Detect Faizal Ransomware
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Infection Statistics


Our MalwareTracker shows malware activity across the world. Explore real-time data of Faizal Ransomware outbreaks and other threats from global to local level.

File System Details

Faizal Ransomware creates the following file(s):
# File Name Size MD5 Detection Count
1 file.exe 3,095,040 09673269b81b8b90e425bd568c06d61c 14

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 9 + 3 ?