Wildfire Locker Ransomware

Wildfire Locker Ransomware Description

Type: Ransomware

A ransomware threat known as the Wildfire Locker Ransomware has been attacking computer users everywhere. The Wildfire Locker Ransomware uses an asymmetric AES-256 encryption to take over the victims' files. The Wildfire Locker Ransomware can be identified easily because of the pattern it uses when renaming the victims' files. The Wildfire Locker Ransomware appends the string 'the Wildfire_Locker' to the file name, as well as the extension '.wflx.' Once the Wildfire Locker Ransomware has encrypted the victim's files, it delivers three files containing the ransom note, in TXT, HTML and BMP format.

The Threat Contained in the Wildfire Locker Ransomware's Ransom Note

The BMP ransom note associated with the Wildfire Locker Ransomware claims that it is necessary to pay a ransom to decrypt the files that were affected by the Wildfire Locker Ransomware. The TXT file associated with the Wildfire Locker Ransomware is named 'HOW_TO_UNLOCK_FILES_READ_ME' plus a unique identifier. The Wildfire Locker Ransomware's ransom is $299 USD (or Euro, depending on the location of the attack). The Wildfire Locker Ransomware ransom note claims that the ransom amount will increase to $999 if the payment isn't carried out in one week. The Wildfire Locker Ransomware ransom note contains information on how to pay using anonymous means, as well as a countdown clock. The Wildfire Locker Ransomware message offers to decrypt three files for free to prove that the con artists do in fact have the decryption key. This makes the Wildfire Locker Ransomware nearly identical to Zyklon, a ransomware threat uncovered relatively recently as well. You should avoid paying the Wildfire Locker Ransomware ransom since there is no guarantee that the con artists responsible for the attack will keep their promise and deliver the decryption key. Also, paying this ransom amount enables the con artists responsible for the Wildfire Locker Ransomware to continue developing these threats and preying on inexperienced computer users.

Dealing with the Wildfire Locker Ransomware and Similar Threats

The best method for dealing with the Wildfire Locker Ransomware and similar threats is to restore the encrypted files from a backup location. In fact, having a reliable backup system will make computer users invulnerable to these attacks since it will not be necessary to pay the ransom to restore the files. Use a reliable security application to scan the affected computer and prevent these threats from infecting your PC in the first place. The most common distribution methods associated with the Wildfire Locker Ransomware include spam email messages and P2P file sharing networks. Avoiding unsolicited email attachments and these file sharing networks can help computer users to prevent these attacks in the future.

The ransom note associated with the Wildfire Locker Ransomware is displayed below:

All your files have been encrypted by the Wildfire Locker
All your files have been encrypted with an unique 32 characters long password using AES-256 CBC encryption.
The only way to get your files back is by purchasing the decryption password!
The decryption password will cost $/€299.
You have untill woensdag 6 juli 2016 UTC before the price increases to $/€999!
Antivirus software will NOT be able to recover your files! The only way to recover your files is by purchasing the decryption password.
Personal ID: -
Visit one of the websites below to purchase your decryption password!
If these websites don't work follow the steps below
1. Download the TOR Browser Bundle hxxps://www.torproject.org/projects/torbrowser.html.en#downloads
2. Install and then open the Tor Browser Bundle.
3. Inside the Tor Browser Bundle navigate to gsxrmcgsygcxfkbb.onion/

Once the victims follow the instructions and connect to the payment site, they will be greeted with the following content:

Wildfire Locker payment page
You are able to unlock your files by paying 0.5 Bitcoins (~€297.5 / $330)
If payment is not made before 08 July 2016 09:48:04 UTC the cost of decrypting your files will rise to 1.5 Bitcoins (~€892.5 / $990)!
On this page you will be able to purchase the unique decryption password and decryption software to unlock your files.
After you have paid the requested amount in bitcoins click the confirm payment button at the bottom of the page and your unique decryption password will appear alongside a download link for the decryption software.
If you have any questions do not hesistate to contact us by clicking here.
You are able to decrypt/unlock 2 files for free by clicking here.

Computer users should backup their files and take steps to ensure that their computers are protected from these threats adequately.

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Wildfire Locker Ransomware

File System Details

Wildfire Locker Ransomware creates the following file(s):
# File Name MD5 Detection Count
1 file.exe b3e87ca5dbff56af6c65b80a5584b98d 0
More files

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.