Fabsyscrypto Ransomware Removal Guide

If your system is under attack by Fabsyscrypto Ransomware, unfortunately you may have to say goodbye to your personal files if you forgot to save a backup copy on a portable drive recently. The bad news is that you may not be able to restore the files this ransomware threat encrypts without either the decryption key or your backup copy. Sadly, we have not found a free tool on the web that you could use to recover your files, although it is still possible that one will emerge in the near future. Until then you have really no real choice here than to remove Fabsyscrypto Ransomware right away after you notice it on your computer. Of course, you may consider paying the ransom fee as a possible way out of this nightmarish situation, but we would advise you against it. You need to understand that there is practically no chance that these cyber criminals who attacked your system with this dangerous malware program would care to send you the decryption key just because you transfer the money. Please read our full description before you decide what to do.

We have discovered that this ransomware program is in fact a new variant based on the notorious Hidden Tear Ransomware, which was originally an educational, open-source project to help security experts understand about ransomware. Unfortunately, ever since this project became available, more and more cyber crook wannabes have started to use it as a base for their versions. This is how, for example, APT Ransomware and Uyari Ransomware were born, too. This vicious program is mainly spreading in spam e-mails as a malicious attached file. This attachment can look like a normal image, or a video with, for example, pornographic content, or a document with macro. Users usually overlook the fact that this file has an .exe extension clearly showing that it is an executable file just because it may appear like “Read_Me_NOW.docx.exe” with a legitimate document icon.

No wonder many computer users tend to fall for such a trick and this is not the only one these schemers may use. In fact, this whole spam is based on deception starting with the sender name and e-mail address combo, and the subject field of course. These factors can really make you feel like you need to open this mail urgently and download the attached file to see it. However, when you run this file you actually activate this dangerous threat and your files will be encrypted in no time. This also means that when you get to delete Fabsyscrypto Ransomware, you cannot save your files anymore. Preventing ransomware infections from entering your system is of utmost importance because these are one of the most destructive and dangerous attacks against your computer, your privacy, and your files. If you do not seem to be able to protect your PC from similar threats, we suggest that you install a professional anti-malware program to do it automatically for you.

This ransomware program is supposed to use a “deadly” combination of AES-128 and RSA-2048 algorithms to encrypt your files. It targets your system folders, including Program Files (X86), Program Files, Temp, and Windows, and ciphers these extensions: .txt, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, and .psd. The files affected by this infection get a “.locked” extension, which will not help you identify this threat in particular since it has been used by a number of other ransomware programs, such as XAMPP Ransomware and Hackerman Ransomware.

In order to make sure that you do not miss the ransom note, this infection drops its file called "_HELP_instructions.txt" in every folder where files have been encrypted. This note is indeed identical to the one used by Locky Ransomware. It informs you about the attack and that your files have been encrypted. Your only way out of this seems to be visiting one of the given websites on the Dark web via Tor browser. This ransom note does not tell you anything about the ransom fee or the Bitcoin address you may have to use to transfer it to. We do not have information as yet about the exact amount but based on our experience we can tell you that it can be anything from 0.1 BTC up to 1 or 2 BTC (125 USD to 1,250 or 2,500 USD). In certain cases, when crooks target corporations, this fee can reach even higher. When it is more like a test run or the crooks behind the attack are newbies, this fee can go as low as 10 dollars worth of Bitcoins. Well, no matter what this amount may be, we do not recommend that you transfer it to these criminals. The truth of the matter is that there is little chance that you will get your files decrypted in return. On the other hand, you would also support online crimes by this. We advise you to act right now and remove Fabsyscrypto Ransomware from your system.

Strangely enough, it is quite easy to eliminate this threat if you consider the damage it can do to you. First, you should end the malicious process this ransomware uses to operate through. Then, you should delete all the related files you can find on your system. Finally, it is best to restart your computer. Please follow our instructions below if you feel ready to act. Do not forget that this is also what you need to do first if you do have a backup copy on a removable hard disk. Once you have deleted Fabsyscrypto Ransomware from your system and you have rebooted, you can copy your clean files back to your PC. It is also possible that sometime in the near future some hackers will come up with a free tool to recover your files, but if you are not an advanced user, we suggest that you ask someone to help you with this. If you have had enough of these malicious attacks and keep failing to protect your PC, we recommend that you start using a powerful up-to-date malware removal program, such as SpyHunter.

Remove Fabsyscrypto Ransomware from Windows

1. Tap Ctrl+Shift+Esc simultaneously to open Task Manager.
2. Select the malicious process and press End task.
3. Exit the Task Manager.
4. Tap Win+E.
5. Find malicious executable file you saved from the spam (e.g., in Downloads, Temp, or Documents folders).
6. Delete all copies of the ransom note files ("_HELP_instructions.txt").
7. Empty your Recycle Bin and restart your system.