FlatChestWare Ransomware
Threat Scorecard
Threat Level: 100 % (High)
Infected Computers: 4
First Seen: August 23, 2017
Last Seen: October 14, 2021
OS(es) Affected: Windows
The FlatChestWare Ransomware is an encryption ransomware Trojan that was first observed by PC security analysts in the final week of August 2017. The FlatChestWare Ransomware uses AES-256 encryption to make the victim's files inaccessible. It demands the payment of 250 USD in Bitcoins in exchange for the decryption key that is necessary to recover the encrypted files. The FlatChestWare Ransomware is based on HiddenTear, an open-source ransomware engine that has been responsible for countless ransomware variants since its initial release in 2015. The FlatChestWare Ransomware seems to belong to a larger threat campaign that was ongoing in the summer of 2017, targeting small and medium-sized businesses by exploiting weak RDP (Remote Desktop Protocol) connections to install threats like the FlatChestWare Ransomware.
How the FlatChestWare Ransomware Carries out Its Attack
Once the FlatChestWare Ransomware has been installed on the victim's computer, it initiates its attack by generating an encryption key and creating a list of files to target on the victim's computer. The FlatChestWare Ransomware uses AES-256 encryption to make the victim's files inaccessible, and files encrypted in the attack are marked with the file extension '.flat,' added to the end of each affected file's name. During its attack, the FlatChestWare Ransomware displays a bogus Windows Update dialog box, which claims that the victim must restart Windows to install new updates. Restarting the infected computer allows the FlatChestWare Ransomware to delete files, as well as the Shadow Volume Copies of the targeted files, making it even more difficult to recover from a FlatChestWare Ransomware attack. This fake Windows User Account Control notification is designed to look like the real thing and displays the following message:
'Windows Update
Restart your computer to finish installing important updates
Windows can't update important files and services while the system is using them. Make sure to save your files before restarting.
[Restart now|button] [Postpone|button]'
After the infected computer is rebooted, the FlatChestWare Ransomware will display a ransom note, which demands the payment of a ransom from the victim.
The FlatChestWare Ransomware’s Ransom Demands
The FlatChestWare Ransomware displays its ransom demand in a program window that is titled 'FlatChestWare.' Below is the full text of the FlatChestWare Ransomware ransom notification:
'Your personal files have been encrypted. these files being photos, videos, downloads, documents, and many other files. Please do not attempt to remove this program. any attempt to remove it could cause you to be unable to recover your personal files. Only our service can decrypt your files. so disable your anti-virus and make no attempt to tamper with anything we have done.
Oh and dont feel bad for clicking 'Restart Now' we were already encrypting your files as soon as the application launched.
Click the [HELP] button below if you wish to recover your files.
Bitcoin Address:
[RANDOM CHARACTERS]
[Decrypt|button] [Verify payment|button] [Help|button]'
Computer users must disregard the FlatChestWare Ransomware ransom note and avoid paying this ransom.
Dealing with the FlatChestWare Ransomware
Fortunately, the FlatChestWare Ransomware Trojan is poorly implemented, and it is possible for computer users to restore their files after an attack. Malware researchers have released a FlatChestWare Decryptor, which can help computer users restore files compromised by the FlatChestWare Ransomware attack. It is, however, necessary to understand that an updated version of the FlatChestWare Ransomware may be released that bypasses the existing decryption program. Because of this, take standard precautions against encryption ransomware Trojans. The best protection against threats like the FlatChestWare Ransomware is to keep backups of your files. Having file backups means that you can restore your files from the backup without having to pay the FlatChestWare Ransomware ransom. Apart from this, a reliable security program that is fully up-to-date can help prevent the FlatChestWare Ransomware and other infections.
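An added triage example, not part of the original article or of any vendor tool: it inventories files carrying the '.flat' extension described above, uses byte entropy to separate files that were actually encrypted from ones that merely share the extension, and checks whether each original name exists in a backup tree. The function names, the 7.0 bits-per-byte threshold and the sample directory tree are assumptions constructed for the illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".flat"  # extension the article says is appended to encrypted files

def shannon_entropy(data):
    """Bits per byte; well-encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(scan_root, backup_root, sample=65536, threshold=7.0):
    """One record per *.flat file: original name, entropy, backup status."""
    scan_root, backup_root = Path(scan_root), Path(backup_root)
    records = []
    for path in sorted(scan_root.rglob("*" + MARKER)):
        if not path.is_file() or path.name == MARKER:
            continue  # skip directories and a bare ".flat" with no original name
        with path.open("rb") as fh:
            entropy = shannon_entropy(fh.read(sample))
        rel = path.with_name(path.name[: -len(MARKER)]).relative_to(scan_root)
        records.append({
            "original": str(rel),
            "entropy": round(entropy, 2),
            "likely_encrypted": entropy >= threshold,  # assumed cut-off
            "backup_available": (backup_root / rel).is_file(),
        })
    return records

def demo():
    """Constructed sample tree: two .flat files, only one has a backup."""
    with tempfile.TemporaryDirectory() as tmp:
        root, bak = Path(tmp, "data"), Path(tmp, "backup")
        (root / "docs").mkdir(parents=True)
        (bak / "docs").mkdir(parents=True)
        # Random bytes stand in for AES output; the text file is a false positive.
        (root / "docs" / "report.docx.flat").write_bytes(os.urandom(8192))
        (root / "notes.txt.flat").write_bytes(b"plain text\n" * 500)
        (bak / "docs" / "report.docx").write_bytes(b"backup copy")
        return triage(root, bak)

if __name__ == "__main__":
    for rec in demo():
        print(rec)
```

Files reported as likely encrypted with no backup available are the ones that depend on the decryptor mentioned above.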