Fartplz Ransomware

Fartplz Ransomware Description

The FartPlz Ransomware is a crypto- threat that was reported in the third week of may 2017 and appears to target government agencies and human resources departments of small and medium-sized companies. Apparently, the distributors of the FartPlz Ransomware decided to send spear phishing emails and spam messages to institutions and organizations that are known to process a lot of documents from an unfamiliar sender. The messages carrying the payload for the FartPlz Ransomware are likely to refer to CVs, motivational letters, package delivery and invoices. Usually, threats like the FartPlz Ransomware are installed on systems when the user approves a bad macro script to run from a text document created with Microsoft Word.

Computer security analysts alert that the FartPlz Ransomware is classified as a mid-tier encryption Trojan, which can encrypt data on server platforms and invite users to pay a ridiculous sum of money to have the files restored. The authors of the FartPlz Ransomware programmed the Trojan to use a combination of the AES-256 and RSA-2048 ciphers and block access to data on the compromised machine securely. The FartPlz Ransomware is not as sophisticated as the Cry128 Ransomware or the WannaCryptor Ransomware, but it follows the same guidelines regarding data encryption. The FartPlz Ransomware Trojan scans the system for targeted file types and generates a unique private encryption key, which is used to scramble the content of data containers. The threat produces a public decryption key that is an obfuscated version of the unlock key. The public decryption key is sent to the 'Command and Control' server of the ransomware operators with a POST request. Often, the servers are hosted on the TOR Network to hinder trace-back attempts and allow the threat coders to remain anonymous.

The strange name of the Trojan may be a product of the poor sense of humor of its authors. However, the name is used by PC security analysts since the threat adds a '.fartplz' extension to the filenames of the corrupted objects. Let's say you have a picture of your dog on your desktop, which you took while playing in the local park and saved the photo as 'Bailey May-2017.png.' The file 'Bailey May-2017.png' is renamed to 'Bailey May-2017.png.fartplz.' We have received reports that the FartPlz Ransomware encrypts text, PDFs, databases, presentations, eBooks, images, audio and video on compromised computers. The threat was seen to drop the file 'ReadME_Decrypt_Help_[RANDOM NUMBER].html' on the desktop of infected users. The HTML document is loaded in the default Internet provider and serves as the ransom notification. You will find the text of 'ReadME_Decrypt_Help_[RANDOM NUMBER].html' below:

'What happened to your files?
All your files locked and protected by a strong encryption with RSA-2048 and AES-256 ciphers.
More information about the RSA and AES can be found here:

In summery you can't read or work with your files.But with our help you can recover them.
It is not possible to recover your files without private key and our unlocking software.

How to get private key or unlocking software?
You must pay (.5 Bitcoin per affected computers) OR (30 for all affected computers)
Our Bitcoin wallet is available in our site.

How to Access Our Site?

As you can see, the makers of the FartPlz Ransomware have a poor sense of humor and are pretty greedy. There are not many encryption Trojans that require payment in the range of 2.5 Bitcoin (4558 USD/4093 EUR) and 30 Bitcoin (54,187 USD/48,731 EUR). Fortunately, most users infected with the FartPlz Ransomware have avoided making a payment, and the campaign of the FartPlz Ransomware may be near its end. Experts suggest users perform a backup of their important data and save copies to an offline memory container like a portable HDD/SSD. Threats like the FartPlz Ransomware should not be underestimated, and you can remain one step ahead of them by using an up-to-date anti-malware shield, avoiding spam emails and making sure you have backups available.

Infected with Fartplz Ransomware? Scan Your PC for Free

Download SpyHunter's Spyware Scanner
to Detect Fartplz Ransomware
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 2 + 8 ?