Remove Faizal Ransomware and Retrieve File Having ‘.gembok’ Extension

Prime Goal of Faizal Ransomware

Faizal Ransomware – a data encoder virus, first surfaced on April 19th, 2017. It is primarily distributed active members of Computer gaming community who especially like Car racing. During online research we found evidence that points out toward a ransomware installer package named as 'Street Racing Club'. The malicious Street Racing Club – SETUP.exe could be delivered to the game players via PC gaming community or emails. Apparently, cyber crooks have trojanized GameHitStudio's game – Street Racing Club with Faizal Ransomware. Thus, game players who download trojanized copy of the game may unknowingly install Faizal file encoder virus to their computers. Preliminary analysis revealed that the file encoder virus is aimed PC users who reside in Southeast Asia, especially in Indonesia. Its ransom note is written in Indonesian and English languages and 'Faizal' sounds like a Muslim hacker's name. Malware researcher suspect that campaigns to distribute Faizal ransomware may next target countries in Europe, Central Asia and North America in a short period of time.

Faizal Ransomware

Indeed, just like other ransomware, this Indonesian-made ransomware has been released to collect ransom money in form of a Voucher code must worth Rs. 1,00,000 from the victims. In fact, the ransomware is based on HT project and it makes use of a custom AES-256 cipher to encrypt files and generate secured private key. Even, the ransomware appends '.gembok' weird extension to mark encrypted files. You should note that 'gembok' is an Indonesian word that means 'locked'. The ransomware is surely dominating infamous file encoders like Cerber ransomware and lock variants. Further, remember that Faizal Ransomware may run on your computer as hidden-tear.exe from the AppData directory and attempt to remove data recovery copies made by Windows or Shadow Volume copies. The ransomware then drop a ransom note file named as Important!!!!.htm and PENTING!!!!.htm in both English and Indonesian language which features following texts:

'Your files, documents and folders have been LOCKED with a special security system!
To unlock, you need to send a voucher code of 100,000 rupees to the email address:
[email protected]'

Few ways to deal with Faizal Ransomware

Faizal file encoder virus has no bug. Though, data recovery may become nearly impossible. As we mentioned, it deletes Shadow volume copies from your infected drives. However, if you have a fair backup copy of your data, then your can simply restore data after removing the ransomware completely from your computer. To avoid ransomware attacks, you should never download a corrupted copy of Street Racing Club game from its unofficial websites. Also while checking spam emails, do not double click suspicious attachments without verifying the source first. Above all, you should keep trustworthy Antivirus software installed and activated on your computer always. At this time, we advise you to make use of following instruction and delete Faizal Ransomware from your computer and try to restore your files.


Free Scan your Windows PC to detect Faizal Ransomware


Free Scan your Windows PC to detect Faizal Ransomware

A: How To Remove Faizal Ransomware From Your PC

Step: 1 How to Reboot Windows in Safe Mode with Networking.

  • Click on Restart button to restart your computer
  • Press and hold down the F8 key during the restart process.

Step 1 Safe Mode

  • From the boot menu, select Safe Mode with Networking using the arrow keys.

Safe mode

Step: 2 How to Kill Faizal Ransomware Related Process From Task Manager

  • Press Ctrl+Alt+Del together on your keyboard

TM 1

  • It will Open Task manager on Windows
  • Go to Process tab, find the Faizal Ransomware related Process.


  • Now click on on End Process button to close that task.

Step: 3 Uninstall Faizal Ransomware From Windows Control Panel

  • Visit the Start menu to open the Control Panel.

Win 7 CP 1

  • Select Uninstall a Program option from Program category.

Win 7 CP 2

  • Choose and remove all Faizal Ransomware related items from list.

Win 7 CP 3

B: How to Restore Faizal Ransomware Encrypted Files

Method: 1 By Using ShadowExplorer

After removing Faizal Ransomware from PC, it is important that users should restore encrypted files. Since, ransomware encrypts almost all the stored files except the shadow copies, one should attempt to restore original files and folders using shadow copies. This is where ShadowExplorer can prove to be handy.

Download ShadowExplorer Now


  • Once downloaded, install ShadowExplorer in your PC
  • Double Click to open it and now select C: drive from left panel


  • In the date filed, users are recommended to select time frame of atleast a month ago
  • Select and browse to the folder having encrypted data
  • Right Click on the encrypted data and files
  • Choose Export option and select a specific destination for restoring the original files

Method:2 Restore Windows PC to Default Factory Settings

Following the above mentioned steps will help in removing Faizal Ransomware from PC. However, if still infection persists, users are advised to restore their Windows PC to its Default Factory Settings.

System Restore in Windows XP

  • Log on to Windows as Administrator.
  • Click Start > All Programs > Accessories.


  • Find System Tools and click System Restore


  • Select Restore my computer to an earlier time and click Next.


  • Choose a restore point when system was not infected and click Next.

System Restore Windows 7/Vista

  • Go to Start menu and find Restore in the Search box.

system restore


  • Now select the System Restore option from search results
  • From the System Restore window, click the Next button.

  • Now select a restore points when your PC was not infected.

  • Click Next and follow the instructions.

System Restore Windows 8

  • Go to the search box and type Control Panel

  • Select Control Panel and open Recovery Option.

  • Now Select Open System Restore option

  • Find out any recent restore point when your PC was not infected.

  • Click Next and follow the instructions.

System Restore Windows 10

  • Right click the Start menu and select Control Panel.

  • Open Control Panel and Find out the Recovery option.

  • Select Recovery > Open System Restore > Next.

  • Choose a restore point before infection Next > Finish.

Method:3 Using Data Recovery Software

Restore your files encrypted by Faizal Ransomware with help of Data Recovery Software

We understand how important is data for you. Incase the encrypted data cannot be restored using the above methods, users are advised to restore and recover original data using data recovery software.

Download Data Recovery Software