
Faizal Ransomware

By GoldSparrow in Ransomware

PC security researchers first observed the Faizal Ransomware, an encryption Trojan, on April 19, 2017. The Faizal Ransomware represents a real threat to computer users because it encrypts their files with a powerful encryption algorithm and then demands the payment of a ransom in exchange for the decryption key. This is an attack strategy that is used by countless ransomware Trojans, including numerous variants of the Faizal Ransomware based on the same open-source ransomware engine.

The Faizal Ransomware Tricks Gaming Enthusiasts into Installing It on a Computer

The Faizal Ransomware is being distributed using a campaign that targets PC gamers and car racing enthusiasts. The Faizal Ransomware is distributed in the form of a fake installer for a PC game. The Faizal Ransomware's installer is named 'Street Racing Club – SETUP.exe'. However, instead of that PC game, the Faizal Ransomware is installed on the infected computer. Fake software installers and similar tactics have been a common way of distributing threats for a very long time. Most of the Faizal Ransomware infections have occurred in Indonesia, and the Faizal Ransomware's ransom note is written in Indonesian. However, although the Faizal Ransomware has an East Asian target in its attacks, it is possible that the Faizal Ransomware infections will appear all around the world. After all, the Internet mostly has no national lines or borders, and these threats can spread worldwide very quickly.

How the Faizal Ransomware Infection Works

The Faizal Ransomware is based on HiddenTear, an open source ransomware engine released in 2015 that has spawned countless ransomware variants. The Faizal Ransomware will encrypt files on all local disks, and will also target files shared on the network. The Faizal Ransomware will delete the Shadow Volume Copies of files, which could otherwise allow computer users to recover some of the affected files. The Faizal Ransomware uses a strong encryption algorithm to make the victim's files completely inaccessible. One way to determine which files have been encrypted in the Faizal Ransomware attack is that the extension '.gembok' will be added to each file's name. The word 'gembok' is Indonesian for 'locked'. The extension '.locked' has been observed in numerous English language ransomware infections. After encrypting the victim's files, the Faizal Ransomware delivers its ransom note in an HTM file named 'PENTING !!!.htm', which would be translated into English as 'IMPORTANT !!!.htm'. The following short message (originally in Indonesian) is contained in the Faizal Ransomware's ransom note:

'Your files, documents and folders have been LOCKED with a special security system!
To unlock, you need to send a voucher code of 100,000 rupees to the email address: leprogames777@gmail.com'

The Faizal Ransomware demands a ransom that is extremely small compared to many other ransomware Trojans. The Faizal Ransomware's ransom is equivalent to approximately $7.50 USD, while most ransomware Trojan ransoms are in the $600-$1800 USD range. However, as with most ransomware Trojans, paying the Faizal Ransomware ransom is not safe, because there is no guarantee that the con artists will keep their promise and deliver the decryption key needed to recover the infected files.

Protecting Your Data and Computer from a Faizal Ransomware Infection

The best protection against the Faizal Ransomware and other ransomware Trojans is to have file backups on a removable memory device or the cloud (not synchronized automatically, to prevent encryption of the backups themselves). If PC users can easily recover their files from a backup after an attack, then the people responsible for the Faizal Ransomware lose all the leverage that allows them to demand a ransom payment from the victim. Apart from the file backups, a reliable security program should be used to intercept the Faizal Ransomware infection before it enters a computer and to remove the Faizal Ransomware Trojan itself. It is also essential to avoid downloading pirated software and software from suspicious sources, such as the 'game installer' that is used to deliver the Faizal Ransomware.
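The two file indicators named above, the '.gembok' extension and the 'PENTING !!!.htm' note, are enough to scope which directories were hit and which files need to come back from backup. The following Python sketch is an added example, not code from the original article; the function names and the sample directory tree are constructed for illustration, and it assumes the extension is appended to the full original file name.

```python
import os
import tempfile
from collections import defaultdict

# Indicators quoted in the article above.
LOCKED_EXT = ".gembok"
NOTE_NAME = "penting !!!.htm"  # compared case-insensitively

def triage(root):
    """Return {directory: {"locked": [original names], "note": bool}}."""
    hits = defaultdict(lambda: {"locked": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower.endswith(LOCKED_EXT) and len(name) > len(LOCKED_EXT):
                # Assumption: the extension is appended to the full original
                # name, so stripping it gives the file to look for in backups.
                hits[dirpath]["locked"].append(name[: -len(LOCKED_EXT)])
            elif lower == NOTE_NAME:
                hits[dirpath]["note"] = True
    return dict(hits)

def restore_list(hits):
    """Flatten triage() output into sorted original paths to restore."""
    return sorted(
        os.path.join(d, n) for d, info in hits.items() for n in info["locked"]
    )

if __name__ == "__main__":
    # Constructed sample tree in a temp directory, so the script runs offline.
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        pics = os.path.join(root, "Pictures")
        for d in (docs, pics):
            os.makedirs(d)
        for path in (
            os.path.join(docs, "report.docx.gembok"),
            os.path.join(docs, "PENTING !!!.htm"),
            os.path.join(docs, "notes.txt"),
            os.path.join(pics, "cat.JPG.GEMBOK"),
        ):
            open(path, "w").close()
        hits = triage(root)
        for d, info in sorted(hits.items()):
            state = "note present" if info["note"] else "no note"
            print(os.path.relpath(d, root), state, len(info["locked"]))
        for p in restore_list(hits):
            print("restore from backup:", os.path.relpath(p, root))
```

Run it against a mounted copy of the affected volume rather than the live system, and compare the restore list with the backup catalogue before wiping anything.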
