CoNFicker Ransomware: How to Uninstall It and Retrieve Enciphered Files

Learn About CoNFicker Ransomware in Depth

 

CoNFicker Ransomware is another file-encoding virus in the wild. It uses a 256-bit key to encipher compatible files, generates a highly secured decryption key (private key) and stores that key on a Command and Control server, so that no one except the hackers can access or break the private key. The ransomware also generates a public key (unique ID) for each victim separately. The public key is used to identify the victim's computer, whereas the private key is used to decipher files. Because it implements a custom AES-256 cipher, you won't be able to break the private key. But malware researchers always release free decryptors for the most infamous viruses, so you don't need to pay the ransom to retrieve your encrypted files. You can either wait until a free decryptor is released or use alternative options to bring corrupted files back to life. We recommend that you gather the necessary information first and then proceed with the CoNFicker Ransomware removal and data recovery procedures.

Apparently, it was first spotted on April 17th, 2017. This program is totally independent and is distributed through massive malvertising and spam campaigns. During initial analysis, we found that CoNFicker Ransomware mostly gets installed through a macro-enabled document and a trojanized copy of WinRAR by Win.rarGmNH. The ransomware is similar to Odin ransomware, and it deletes the Shadow Volume Copies that Windows creates for data recovery. This means that shadow copies of all important files, including documents, programs, saved games, databases and Windows configuration, will be permanently deleted from your computer or replaced with enciphered files. We have seen that the CoNFicker file encoder virus aims to encipher commonly used data containers associated with programs like Microsoft Office, Adobe Acrobat Reader, 7Zip, Adobe Photoshop, Windows Photo and Media Players. Note that it can encode over 100 types of files on the infected computer.

CoNFicker Ransomware – Few Highlights

The ransomware drops a Decrypt.txt file on your desktop, which contains the ransom note and instructions on how to get your files back. According to the ransom note, you need to pay 0.5 BTC (roughly $600 USD) as ransom to receive the CoNFicker Ransomware decryptor software or private key, should you agree to pay. Have a look at the following ransom note:

C_o_N_F_i_c_k_e_r R_A_N_S_O_M_W_A_R_E 
##### 
Attention! Attention! Attention! Your Files has been encrypted By C_o_N_F_i_c_k_e_r R_A_N_S_O_M_W_A_R_E 
##### 
Send 0.5 Bitcoin To @ 1sUCn6JYa7B96t4nZz1tX5muU2W5YxCmS @ 
##### 
And Contact us By Email : 
[email protected] 
If Send 0.5 Bitcoin We will send you the decryption key C_o_N_F_i_c_k_e_r Decryptor”

Even if you pay the ransom, there is no guarantee that the hackers will deliver the decryptor software. Thus, we recommend that you delete CoNFicker Ransomware and try to retrieve your files using the following instructions:


What To Do If Your PC Gets Infected By CoNFicker Ransomware

The ransomware infection has been designed mainly to scare users and trick them out of their money. It takes your files hostage and demands a ransom to return your important data. So what can you do when your system is infected by the CoNFicker Ransomware virus? Here are some options you can use to get rid of this nasty infection.

Don’t Panic – The first thing is not to panic. Then check your system thoroughly for any working files. If you find any working files, copy them to a USB drive.

Pay Ransom – Another option is to pay the ransom and wait to get your files back. (really a bad option)

Use Backup – Clean your entire system, remove the infection completely from your PC and restore your files from a backup.

Remove Infection – You can also delete the CoNFicker Ransomware virus using a malware removal tool and remove all the infected files. You can later recover your data using a data recovery tool (in case you don’t have a backup of your files). – Recommended Method.

Reinstall Windows – The last option is to reinstall your Windows OS. It will completely remove all your data as well as the infection. You will get a completely new, infection-free PC.

How To Remove CoNFicker Ransomware Virus From Your PC

Step 1 – Boot your computer in Safe Mode.

Step 2 – Remove the infected registry entries.

  • Press the Windows key and R together.

  • Type “regedit” and click the OK button.

  • Find and delete the following entries.

HKEY_LOCAL_MACHINE\SOFTWARE\supWPM

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wpm

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Default_Page_URL”

HKEY_LOCAL_MACHINE\Software\Classes\[CoNFicker Ransomwar]

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\[CoNFicker Ransomwar]

Step 3 – Remove From msconfig

  • Press the Windows key and R simultaneously.

  • Type msconfig and press Enter.

  • Go to the Startup tab and uncheck all entries from an unknown manufacturer.

Step 4 – Restart your computer normally.

Check your computer now. If the virus is gone, you can start using your computer. If the infection remains, head to the next step.

Step 5 – System Restore

  • Insert the Windows installation disk into the CD drive and restart your PC.
  • During system startup, keep pressing the F8 or F12 key to get the boot options.
  • Select the boot from CD drive option to start your computer.
  • After that, you will get the System Recovery Option on your screen.
  • Select the System Restore option from the list.
  • Choose the nearest system restore point from when your PC was not infected.
  • Follow the options on your screen to restore your computer.
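
Steps 2 and 3 can be checked from an elevated PowerShell prompt before anything is deleted. The script below is an added example, not part of the original guide: it only reads, saves a .reg backup of the Step 2 keys that exist, lists startup commands with their signature status, and counts surviving shadow copies. The backup folder name regbackup is an assumption, and the bracketed placeholder keys from Step 2 are not checked.

```powershell
# Added example: read-only audit for Steps 2 and 3. Nothing is deleted.
# Key paths are the ones listed in Step 2; $BackupDir is an assumed location.
$BackupDir = Join-Path $env:USERPROFILE 'regbackup'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

$Keys = @(
    'HKLM\SOFTWARE\supWPM',
    'HKLM\SYSTEM\CurrentControlSet\Services\Wpm'
)
foreach ($key in $Keys) {
    $psPath = 'Registry::' + ($key -replace '^HKLM', 'HKEY_LOCAL_MACHINE')
    if (Test-Path -LiteralPath $psPath) {
        # Export a .reg copy so the key can be restored if removed by mistake.
        $file = Join-Path $BackupDir (($key -replace '[\\ ]', '_') + '.reg')
        & reg.exe export $key $file /y | Out-Null
        Write-Output "PRESENT  $key  (backed up to $file)"
    } else {
        Write-Output "absent   $key"
    }
}

# The Internet Explorer value named in Step 2.
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$page = (Get-ItemProperty -Path $ieMain -Name 'Default_Page_URL' `
         -ErrorAction SilentlyContinue).Default_Page_URL
Write-Output "Default_Page_URL = $page"

# Step 3: list startup commands and the Authenticode status of each executable,
# so unsigned or unresolvable entries stand out before they are unchecked.
Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $exe = $null
    if ($_.Command -match '^\s*"([^"]+)"' -or $_.Command -match '^\s*(\S+\.exe)') {
        $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
    $status = if ($exe -and (Test-Path -LiteralPath $exe)) {
        (Get-AuthenticodeSignature -LiteralPath $exe).Status.ToString()
    } else { 'PathNotResolved' }
    [pscustomobject]@{ Name = $_.Name; Location = $_.Location
                       Signature = $status; Command = $_.Command }
} | Sort-Object Signature | Format-Table -AutoSize -Wrap

# The article states shadow copies are deleted; confirm whether any survive.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
Write-Output "Shadow copies remaining: $($shadows.Count)"
```

A startup entry reported as NotSigned or PathNotResolved is a candidate for review in msconfig, not proof of infection.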

If the above manual methods did not remove the CoNFicker Ransomware virus, then your only option is to remove the infection using a malware removal tool. It is the last and the only option that can easily and safely remove this nasty threat from your computer.
