Decrypting Files After a Findzip Ransomware Infection

Findzip ransomware, also known as Filecoder, was discovered and analyzed on 22 February 2017. According to malware researchers, the malware mostly targeted Mac OS X users. The virus does not communicate with its command-and-control server, which means there is no possibility of decrypting the files if users have no data backups.

Recently, malware researchers found another flaw in the virus code and revealed a data recovery option. The procedure is difficult and very complicated for victims, but putting in some effort to get the encrypted files back is worth it. The ransomware also behaves quite oddly: once Findzip has been executed on a particular user folder and has finished its task, it will never run again.

Findzip ransomware sneaks onto the targeted computer through infected sites or torrent sites, disguised as cracks for Adobe Premiere Pro and Microsoft Office. Once inside, the virus immediately starts the encryption procedure. Meanwhile, victims see a window asking them to wait up to 10 minutes until the program patching is finished. The ransomware targets all stored files and encrypts them. It generates a random 25-character string and adds the .crypt file extension. After the encryption process completes, it drops ransom notes on the desktop called README, DECRYPT, and HOW_TO_DECRYPT. These documents contain full information about its decryption tool and state that the victim's files have been protected by a strong encryption method.

The developer of this ransomware demands a transfer of 0.25 Bitcoin within one week in order to get the files back. Additionally, paying the ransom is not enough: victims must also send their Bitcoin address and IP to the rihofoj@mailinator.com address, and then leave their computer turned on and connected to the Internet for 24 hours. However, as we mentioned at the beginning, the hackers cannot help decrypt the files after the ransom is paid.
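To scope the damage before attempting recovery or restoring from backup, the indicators described above (the .crypt extension and the three note names on the desktop) can be inventoried with a short script. This is an added example, not code from the article or from any researcher's tool; it assumes the notes may carry a file extension, and the sample tree it scans is constructed.

```python
import os
import tempfile
from collections import Counter

CRYPT_EXT = ".crypt"                                   # extension named in the article
NOTE_STEMS = {"README", "DECRYPT", "HOW_TO_DECRYPT"}   # note names from the article

def is_ransom_note(filename):
    """Match a note name with or without an extension (the extension is an assumption)."""
    return filename.split(".", 1)[0].upper() in NOTE_STEMS

def scan(root):
    """Walk root; return (encrypted paths, desktop note paths, counts per top-level folder)."""
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirnames, filenames in os.walk(root):
        on_desktop = os.path.basename(dirpath) == "Desktop"
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(CRYPT_EXT):
                encrypted.append(path)
                top = os.path.relpath(dirpath, root).split(os.sep)[0]
                per_dir[top] += 1
            elif on_desktop and is_ransom_note(name):   # README elsewhere is too common
                notes.append(path)
    return sorted(encrypted), sorted(notes), per_dir

def verdict(encrypted, notes):
    """Notes alone never count: only .crypt files are a strong indicator."""
    if encrypted and notes:
        return "likely"
    if encrypted:
        return "possible"
    return "none"

def build_sample(root):
    """Constructed sample tree; every file name here is made up for the demo."""
    for rel in ("Desktop/README.txt", "Desktop/HOW_TO_DECRYPT.txt",
                "Documents/report.docx.crypt", "Documents/tax/2016.pdf.crypt",
                "Pictures/cat.jpg", "Projects/README.md"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        enc, notes, per_dir = scan(tmp)
        print(verdict(enc, notes), len(enc), dict(per_dir))
```

Run `scan()` against a read-only copy or mounted image of the affected user folder; the per-folder counts show which directories need restoring.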

Some victims get scared and send the ransom to the address mentioned. After paying, they will still not be able to decrypt the files. In fact, they will lose both their files and their money permanently, and during the payment procedure it also steals all your confidential information. It is therefore highly recommended that you never send the ransom to the hackers. You should ignore these notifications. For future safety, users should keep a backup of all stored files.
