FXLocker is a ransomware-type program designed to encrypt files on an infected computer and demand a ransom for decryption. This malicious software adds a “.fxlocker” extension to encrypted files and delivers a ransom note through a pop-up window and a text file named “README.txt”. The note demands 0.75892 BTC (over $73,000 at the time of writing) for file recovery.
FXLocker Ransomware Overview
| Attribute | Details |
|---|---|
| Name | FXLocker Ransomware |
| Threat Type | Ransomware, Crypto Virus, File Locker |
| Encrypted File Extension | .fxlocker |
| Ransom Note File Name | README.txt |
| Ransom Amount | 0.75892 BTC (approx. $73,000) |
| Free Decryptor Available? | No |
| Cyber Criminal Contact | haxcn@proton.me, wikicn@proton.me |
| Detection Names | Avast (FileRepMalware [Ransom]), ESET-NOD32 (Python/Filecoder.ATJ), Kaspersky (HEUR:Trojan-Ransom.Python.Agent.gen), Malwarebytes (Agent.Spyware.Stealer.DDS), Microsoft (Trojan:Win32/Wacatac.B!ml) |
| Symptoms of Infection | Encrypted files with “.fxlocker” extension, ransom note displayed in pop-up and README.txt file, inaccessible files. |
| Damage | Data encryption, potential data loss, risk of additional malware infections. |
| Distribution Methods | Malicious email attachments, torrent downloads, fake software updates, malicious ads. |
| Danger Level | Severe |
How FXLocker Ransomware Operates
Upon successful infiltration, FXLocker encrypts files using strong cryptographic algorithms and appends the ".fxlocker" extension to each encrypted file. It then creates a ransom note that instructs the victim on how to pay the ransom for file recovery.
The ransom note appears in a pop-up window and a text file named "README.txt". Below is the full text of the FXLocker ransomware's message:
[NOTICE]
Your system has been encrypted by FXLocker.
Please follow the payment instructions to recover your files.
[INSTRUCTIONS]\n1. Payment amount: 0.75892 BTC\n2. Bitcoin Address: 1FxA6Eaa\n3. Payment Deadline: 2025-02-17
Contact Support with your Reference ID to obtain the decryption keys.
[INFORMATION]
Reference ID: NJQPTUJC6FFOVFIV
[WARNINGS]
- Failing to complete payment within the deadline may lead to permanent data loss.
- Do not rename encrypted files; this can prevent decryption.
[CONTACT SUPPORT]
haxcn@proton.me, wikicn@proton.me
[NOTICE]
You have until 2025-02-17 to complete the payment. Failure to comply will result in the permanent loss of your files.
***************************************************
* PAY ATTENTION *
***************************************************
Please do not close this window or restart your computer.
Every action you take could result in permanent loss of your data.
Click the 'Contact Support' button below to secure your files.
***************************************************Distribution Methods of FXLocker Ransomware
FXLocker is distributed through various methods, including:
- Phishing Emails: Malicious attachments or links embedded in seemingly legitimate emails.
- Trojans: Malicious software that downloads additional payloads, including ransomware.
- Drive-by Downloads: Unintentional downloads when visiting compromised websites.
- Pirated Software: Files downloaded from unreliable sources, such as torrent sites.
- Fake Software Updates: Deceptive pop-ups that urge users to update software, which instead downloads malware.
Comprehensive Guide to Removing FXLocker Ransomware
Step 1: Enter Safe Mode
- Restart your computer.
- Press F8 or Shift + F8 before the Windows logo appears.
- Select Safe Mode with Networking.
Step 2: Remove Malicious Processes
- Press Ctrl + Shift + Esc to open Task Manager.
- Locate any suspicious processes, especially those unfamiliar or consuming high CPU/RAM.
- Right-click on the process and select End Task.
Step 3: Uninstall Suspicious Programs
- Press Windows + R, type appwiz.cpl, and press Enter.
- Look for unfamiliar or recently installed programs.
- Right-click the suspicious program and select Uninstall.
Step 4: Remove Malicious Files
- Open File Explorer and go to the following directories:
%AppData%%LocalAppData%%ProgramData%%WinDir%/Temp
- Delete recently modified files with unusual names.
Step 5: Scan with SpyHunter
- Download and install SpyHunter.
- Open the application and click Start Scan Now.
- Wait for the scan to complete.
- Click Fix Threats to remove FXLocker ransomware and related files.
Step 6: Restore Encrypted Files
- If you have a backup, restore files from an external drive or cloud service.
- If no backup exists, consider third-party data recovery tools (e.g., Recuva, EaseUS Data Recovery).
Preventive Measures to Avoid Future Infections
- Keep Software Updated: Regularly update operating systems and applications.
- Use Reputable Security Software: Install and maintain SpyHunter or similar anti-malware tools.
- Avoid Suspicious Emails: Do not open attachments or click on links from unknown senders.
- Regular Backups: Maintain backups on external drives and secure cloud services.
- Use Strong Passwords: Enable multi-factor authentication where possible.
- Avoid Pirated Software: Download programs only from official websites.
Conclusion
FXLocker ransomware poses a significant threat to personal and business data by encrypting files and demanding an exorbitant ransom. While paying the ransom is discouraged due to the high risk of scams, removing the ransomware with tools like SpyHunter is essential. Implementing strong security practices and regular backups can further protect your system against future threats.
