Faizal Ransomware

Faizal Ransomware Description

PC security researchers first observed the Faizal Ransomware, an encryption Trojan, on April 19, 2017. The Faizal Ransomware represents a real threat to computer users because it encrypts their files with a powerful encryption algorithm and then demands the payment of a ransom in exchange for the decryption key. This is an attack strategy that is used by countless ransomware Trojans, including numerous variants of the Faizal Ransomware based on the same open-source ransomware engine.

The Faizal Ransomware Tricks Gaming Enthusiasts into Installing It on a Computer

The Faizal Ransomware is being distributed through a campaign that targets PC gamers and car racing enthusiasts, in the form of a fake installer for a PC game. The installer is named 'Street Racing Club – SETUP.exe'. However, instead of installing that PC game on the computer, it installs the Faizal Ransomware. Fake software installers and similar tactics have been a common way of distributing threats for a very long time. Most of the Faizal Ransomware infections have occurred in Indonesia, and the Faizal Ransomware's ransom note is written in Indonesian. However, although the Faizal Ransomware has an East Asian target in its attacks, it is possible that the Faizal Ransomware infections will appear all around the world. After all, the Internet mostly has no national lines or borders, and these threats can spread worldwide very quickly.

How the Faizal Ransomware Infection Works

The Faizal Ransomware is based on HiddenTear, an open source ransomware engine released in 2015 that has spawned countless ransomware variants. The Faizal Ransomware will encrypt files on all local disks, and will also target files shared on the network. The Faizal Ransomware will delete the Shadow Volume Copies of files, which could otherwise allow computer users to recover some of the affected files. The Faizal Ransomware uses a strong encryption algorithm to make the victim's files completely inaccessible. One way to determine which files have been encrypted in the Faizal Ransomware attack is that the extension '.gembok' will be added to each file's name. The word 'gembok' is Indonesian for 'locked.' The extension '.locked' has been observed in numerous English language ransomware infections. After encrypting the victim's files, the Faizal Ransomware delivers its ransom note in an HTM file named 'PENTING !!!.htm', which would be translated into English as 'IMPORTANT !!!.htm'. The following short message (originally in Indonesian) is contained in the Faizal Ransomware's ransom note:

'Your files, documents and folders have been LOCKED with a special security system!
To unlock, you need to send a voucher code of 100,000 rupees to the email address: leprogames777@gmail.com'

The Faizal Ransomware demands an extremely small ransom compared to many other ransomware Trojans. The Faizal Ransomware's ransom is equivalent to approximately $7.50 USD, while most ransomware Trojan ransoms are in the $600-$1800 USD range. However, as with most ransomware Trojans, paying the Faizal Ransomware ransom is not safe: there is no guarantee that the con artists will keep their promise and deliver the decryption key needed to recover the infected files.

Protecting Your Data and Computer from a Faizal Ransomware Infection

The best protection against the Faizal Ransomware and other ransomware Trojans is to have file backups on a removable memory device or the cloud (not synchronized automatically, to prevent encryption of the backups themselves). If PC users can easily recover their files from a backup after an attack, then the people responsible for the Faizal Ransomware lose all the leverage that allows them to demand a ransom payment from the victim. Apart from the file backups, a reliable security program should be used to intercept the Faizal Ransomware infection before it enters a computer and to remove the Faizal Ransomware Trojan itself. It is also essential to avoid downloading pirated software and software from suspicious sources, such as the 'game installer' that is used to deliver the Faizal Ransomware.


Technical Information

File System Details

Faizal Ransomware creates the following file(s):
| # | File Name | Size | MD5 | Detection Count |
|---|-----------|------|-----|-----------------|
| 1 | file.exe | 3,095,040 | 09673269b81b8b90e425bd568c06d61c | 14 |
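
A read-only triage sketch for scoping an incident with the indicators given on this page: the '.gembok' extension, the 'PENTING !!!.htm' ransom note and the MD5 listed under File System Details. It is an added example, not part of the original article or of any vendor tool; the function names, the report layout and the demo directory tree are assumptions made for illustration.

```python
import hashlib
import os
import sys
import tempfile
from collections import Counter

# Indicators as given on this page; function names and report layout are illustrative.
ENCRYPTED_EXT = ".gembok"
RANSOM_NOTE = "penting !!!.htm"  # 'PENTING !!!.htm', compared case-insensitively
SAMPLE_MD5 = "09673269b81b8b90e425bd568c06d61c"

def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks so large executables are not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(root, sample_md5=SAMPLE_MD5):
    """Walk root; return encrypted-file counts per directory, ransom notes and hash hits."""
    report = {"encrypted": Counter(), "notes": [], "samples": [], "errors": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = os.path.join(dirpath, name), name.lower()
            try:
                if lower.endswith(ENCRYPTED_EXT):
                    report["encrypted"][dirpath] += 1
                elif lower == RANSOM_NOTE:
                    report["notes"].append(path)
                elif lower.endswith(".exe") and md5_of(path) == sample_md5.lower():
                    report["samples"].append(path)
            except OSError as exc:  # locked or unreadable file: record it and keep going
                report["errors"].append(f"{path}: {exc}")
    return report


def demo():
    """Scan a constructed directory of harmless placeholder files (not real samples)."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("report.docx.gembok", "photo.jpg.gembok", "notes.txt", "PENTING !!!.htm"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"constructed placeholder")
        result = scan(root)
        return sum(result["encrypted"].values()), len(result["notes"]), len(result["samples"])

if __name__ == "__main__":
    print(scan(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

Run it with a directory path to scan that tree, or with no argument to scan the constructed demo directory. The per-directory counts show which local or shared folders were reached, which helps decide what to restore from backup.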
