The FilesEncrypted Ransomware is a severe threat that has been detected in the wild. It begins its operation on the breached devices by encrypting the files stored there and adding the ".filesencrypted" extension to their filenames. The FilesEncrypted Ransomware appears to be targeting companies rather than home users, as evidenced by the message demanding a ransom payment named 'how_to_back_files.html,' which is dropped onto the desktop of the infected systems. The FilesEncrypted Ransomware is a threatening variant from the MedusaLocker Ransomware family.
The Demands of the FilesEncrypted Ransomware
Victims of the Filesencrypted Ransomware are left with a message claiming that the only way to recover the locked data is by paying a ransom for obtaining decryption tools from the attackers. The threat actors warn that they have collected important data that will supposedly be revealed to the public or sold to interested parties in case victims refuse to pay up.
According to the threat, any attempts to modify or decrypt the affected files will result in them being damaged beyond repair. The malware's note also states that if contact with the cybercriminals is not established within 72 hours, the ransom amount will increase. Two emails are mentioned as ways to reach the attackers - 'firstname.lastname@example.org' and 'email@example.com.'
However, even if victims pay, they may not receive the promised decryption keys/software. It is strongly advised against paying the ransom, as it supports illegal activities. Keep in mind that removing FilesEncrypted from the breached system will prevent further encryption from taking place, but it will not restore any of the already compromised files.
Tips to Prevent Attacks from the FilesEncrypted Ransomware
Ransomware attacks are serious cyber threats that can have devastating consequences on businesses, institutions, and individuals. In a ransomware attack, data is encrypted or taken hostage in exchange for a ransom payment. There are several easy-to-implement tips that can help reduce your risk of experiencing an attack.
- Back Up Your Data Regularly
Backing up your data regularly is one of the most necessary steps you can take to protect against a ransomware attack. Having regular backups means that if you do suffer an attack and lose your data, you'll still have your files stored online or on-site in secure external storage devices – rather than having them all wiped away due to encryption of the malicious software.
- Install an Anti-Malware Software
Having up-to-date anti-malware software installed on all workstations and network infrastructure also will help protect against ransomware threats. These programs typically provide comprehensive protection by using heuristic scanning techniques, as well as signature-based detection methods. Additionally, security solutions are continuously being updated to detect newly identified threats before they can cause any harm.
The full ransom note shown to victims of the FilesEncrypted Ransomware is:
'YOUR PERSONAL ID:
/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!
Your files are safe! Only modified. (RSA+AES)
ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.
No software available on internet can help you. We are the only ones able to
solve your problem.
We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..
We only seek money and our goal is not to damage your reputation or prevent
your business from running.
You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.
Contact us for price and get decryption software.
Start a chat and follow the further instructions.
If you can not use the above link, use the email:
To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.'