FLYU Ransomware

The FLYU Ransomware is yet another potent ransomware threat spawned from the prolific Dharma malware family. FLYU doesn't deviate much from the established formula for Dharma Ransomware variants. The FLYU Ransomware encrypts the files on the compromised computer and demands a ransom payment in exchange for their restoration. All encrypted files will have their original filenames modified significantly. The FLYU Ransomware will append a unique string representing the specific victim's ID, followed by an email address that belongs to the hackers, and finally '.FLYU' as a new extension. The email address used in the naming of the locked files is ''

The FLYU Ransomware deploys two different ransom notes with instructions for its victims. The first one is dropped as a text file named 'FILES ENCRYPTED.txt' in every folder containing the compromised data. As far as useful information goes, it simply provides two email addresses that should be used for communication - and The basic instructions are delivered in a pop-up window. There, the FLYU Ransomware victims are told to use the second email address only if a response didn't arrive within 12 hours from sending an email to the first address. The note doesn't mention a specific sum, or if the payment must be made in Bitcoin or any other cryptocurrency.
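The two host indicators described above, the renamed files and the 'FILES ENCRYPTED.txt' note, can be swept for during triage. The following is an added example, not code from the original article: it assumes the usual Dharma-style suffix layout `.id-<ID>.[<email>].FLYU`, which the article does not spell out, and the function names, sample victim ID and `example.invalid` address are constructed placeholders.

```python
import os
import re
import tempfile

# Assumed Dharma-style layout (not stated on the page): <name>.id-<ID>.[<email>].FLYU
LOCKED_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z-]+)\.\[(?P<email>[^\]]+)\]\.FLYU$",
    re.IGNORECASE,
)
NOTE_NAME = "FILES ENCRYPTED.txt"  # note filename given in the article

def parse_locked_name(filename):
    """Return (original_name, victim_id, email), or None if not a FLYU-style name."""
    m = LOCKED_RE.match(filename)
    return (m["original"], m["victim_id"], m["email"]) if m else None

def triage(root):
    """Walk root and summarise FLYU indicators per affected folder."""
    report = {"folders": {}, "victim_ids": set(), "emails": set()}
    for folder, _dirs, files in os.walk(root):
        locked = [p for p in map(parse_locked_name, files) if p]
        has_note = any(f.lower() == NOTE_NAME.lower() for f in files)
        if not locked and not has_note:
            continue  # folder shows neither indicator
        report["folders"][os.path.relpath(folder, root)] = {
            "locked": len(locked),
            "note": has_note,
            "originals": sorted(o for o, _, _ in locked),  # pre-encryption names
        }
        report["victim_ids"].update(v for _, v, _ in locked)
        report["emails"].update(e for _, _, e in locked)
    return report

def build_sample_tree(root):
    """Constructed sample data: empty files with a placeholder ID and address."""
    names = {
        "docs": ["report.docx.id-1A2B3C4D.[contact@example.invalid].FLYU", NOTE_NAME],
        "pics": ["cat.jpg.id-1A2B3C4D.[contact@example.invalid].FLYU", "untouched.png"],
        "clean": ["notes.txt"],
    }
    for sub, files in names.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for f in files:
            open(os.path.join(root, sub, f), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

A folder that holds locked files but no note, or more than one victim ID in the same sweep, is worth recording in the incident timeline before any cleanup changes the file system.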

The instructions found in the text file are:

'all your data has been locked us

You want to return?

write email or'

The full text of the pop-up note is:


'Don't worry,you can return all your files!

If you want to restore them, follow this link: email YOUR ID -

If you have not been answered via the link within 12 hours, write to us by


Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a tactic.'


