Threat Summary of FlatChestWare Ransomware
|Symptoms||Files with name .flat as extension|
|Distribution||Spam email campaigns, installing fake updates|
|Removal||Possible using Manual and automatic|
In-Depth Analysis of FlatChestWare Ransomware
FlatChestWare Ransomware is yet another infamous example of Hidden Tear based project which is an open source project. It was detected in last week of August 2017. Like other hidden tear variants it also make use of AES 256 Emcryption and renders user's important data useless. Once these files are held hostage, users are compelled to pay the ransom amount of $ 250 in Bitcoins. This payment is demanded by the FlatChestWare Ransomware hackers as fee for decryption key which is the only way to decrypt the enciphered files. It does not shy to attack and target both small as well as medium Business firm. Exploiting of vulnerabilities as Remote Desktop Protocol (RDP) is one aspect where ransom virus such as FlatChestWare is so good at.
Screenshot of Ransom Message Displayed By FlatChestWare Ransomware
Modus Operandi Carried Out by FlatChestWare Ransomware
As soon as the system has been compromised by FlatChestWare Ransomware, it leaves no stones unturned to target stored files and data stored on that very PC. The whole list of files to be targeted is there in its list and it does not leaves any chance to make victims pay for restoring their own files and data as soon as they can. It enciphers files by dropping 'flat' extension at the end of targeted files. It has been reported that such ransomware strikes PC by employing gimmick and displaying fake alert that Windows update is available and users should start their PC to install these updates. This is where users fall prey and turn out to be a victim of FlatChestWare Ransomware attack. What more terrible is the fact, that once the system is restarted the malware will target the shadow copy of the files and even delete them. This is why users get panic and do not think twice before paying the ransom.
What To Do When FlatChestWare Ransomware Attacks PC?
Users are suggested not to get panic as FlatChestWare Ransomware has been poorly crafted and it is possible to remove FlatChestWare Ransomware by following the instructions given below. Fortunately, it is also now possible to restore the files that have been targeted and attacked by this ransom virus by using decryptor tool which has been released by malware research experts. However, users must stress on keeping regular backup of all important data every time before switching off their PC. This will definitely give them an edge and will help in restoring data easily. Users can also opt for automatic malware detection if they are finding manual steps complicated. Good luck!
A: How To Remove FlatChestWare Ransomware From Your PC
Step: 1 How to Reboot Windows in Safe Mode with Networking.
- Click on Restart button to restart your computer
- Press and hold down the F8 key during the restart process.
- From the boot menu, select Safe Mode with Networking using the arrow keys.
Step: 2 How to Kill FlatChestWare Ransomware Related Process From Task Manager
- Press Ctrl+Alt+Del together on your keyboard
- It will Open Task manager on Windows
- Go to Process tab, find the FlatChestWare Ransomware related Process.
- Now click on on End Process button to close that task.
Step: 3 Uninstall FlatChestWare Ransomware From Windows Control Panel
- Visit the Start menu to open the Control Panel.
- Select Uninstall a Program option from Program category.
- Choose and remove all FlatChestWare Ransomware related items from list.
B: How to Restore FlatChestWare Ransomware Encrypted Files
Method: 1 By Using ShadowExplorer
After removing FlatChestWare Ransomware from PC, it is important that users should restore encrypted files. Since, ransomware encrypts almost all the stored files except the shadow copies, one should attempt to restore original files and folders using shadow copies. This is where ShadowExplorer can prove to be handy.
- Once downloaded, install ShadowExplorer in your PC
- Double Click to open it and now select C: drive from left panel
- In the date filed, users are recommended to select time frame of atleast a month ago
- Select and browse to the folder having encrypted data
- Right Click on the encrypted data and files
- Choose Export option and select a specific destination for restoring the original files
Method:2 Restore Windows PC to Default Factory Settings
Following the above mentioned steps will help in removing FlatChestWare Ransomware from PC. However, if still infection persists, users are advised to restore their Windows PC to its Default Factory Settings.
System Restore in Windows XP
- Log on to Windows as Administrator.
- Click Start > All Programs > Accessories.
- Find System Tools and click System Restore
- Select Restore my computer to an earlier time and click Next.
- Choose a restore point when system was not infected and click Next.
System Restore Windows 7/Vista
- Go to Start menu and find Restore in the Search box.
- Now select the System Restore option from search results
- From the System Restore window, click the Next button.
- Now select a restore points when your PC was not infected.
- Click Next and follow the instructions.
System Restore Windows 8
- Go to the search box and type Control Panel
- Select Control Panel and open Recovery Option.
- Now Select Open System Restore option
- Find out any recent restore point when your PC was not infected.
- Click Next and follow the instructions.
System Restore Windows 10
- Right click the Start menu and select Control Panel.
- Open Control Panel and Find out the Recovery option.
- Select Recovery > Open System Restore > Next.
- Choose a restore point before infection Next > Finish.
Method:3 Using Data Recovery Software
Restore your files encrypted by FlatChestWare Ransomware with help of Data Recovery Software
We understand how important is data for you. Incase the encrypted data cannot be restored using the above methods, users are advised to restore and recover original data using data recovery software.