Facebook Ransomware Removal Guide

Category: Trojans

Unsafe RDP configurations can open security backdoors that let Facebook Ransomware in. Spam emails, malicious downloaders, and other threats could also be employed to spread this threat. It is designed to get in without your notice, and once it does, it immediately starts encrypting personal files. Although this infection only encrypts files that are located in the folders of the %USERPROFILE% directory, if this is where your personal files are stored, the threat can be very detrimental. If your files were encrypted by this malware, you want to replace them with backups, but before that, you have to delete Facebook Ransomware. If you do not have backups, we cannot help you with recovery because decrypting files is not possible. If a free decryptor emerges, we will let you know as soon as possible. Right now, however, the only thing you can do is remove the malicious threat, and this task is very important too.

When Facebook Ransomware attacks, it launches a window that takes up the entire screen. You cannot close it like any regular window, and so you might think that your system was locked. It was not, and you can easily close the window using the Alt+F4 key combination. Before you do that, you might want to look at the message shown in the window. Although the Facebook logo is displayed, there is no reason behind that. The message itself is short: it declares that files were encrypted and instructs you to click the “How to decrypt my files” button. If you click this button, a pop-up window entitled “Information” shows up, and the message orders you to pay a ransom of 0.29 Bitcoin. The address of the Bitcoin Wallet to which the ransom must be paid is 191RK3m897XbQqX7rSieYNqNFmJLorKpuP, and, at the time of research, it was empty. Hopefully, you do not change that because the attackers do not deserve your money! Remember that if you pay the ransom, there are no guarantees that your files will be restored!

Our research team has analyzed hundreds of infections based on the Hidden Tear malware code. Facebook Ransomware is joined by TrumpHead Ransomware, EnybenyCrypt Ransomware, SymmyWare Ransomware, and many others. While these threats have more similarities than differences, the one similarity that we should mention is that the victims never get their files back. This is why we do not advise paying attention to the ransom note or the message delivered using the “READ_IT.rtf” file on the Desktop. This message asks you to send Bitcoins or a “kebab,” and so it is unclear whether Facebook Ransomware is a serious infection or someone’s version of a sick joke. That being said, it CAN encrypt files, and it adds the “.Facebook” extension to the ones it encrypts. Besides messing with files, the infection also disables the Task Manager via the Windows Registry. Luckily, there is an easy fix for this issue, and you can restore Task Manager using the guide below.

We cannot promise that you will be able to remove Facebook Ransomware manually, and that is because we do not know if you will find and identify the executable file that launched this threat. If you know where it is, go ahead and delete the threat using the instructions below. However, if you need help, an anti-malware program is exactly what you need. Even if you can remove malware manually, this program can save you time and, at the same time, solve the Windows security problem. Clearly, if Facebook Ransomware got in, your security is not up to par. More experienced users might be able to evade threats with their own efforts, but we do not want you betting on luck. Instead, implement software that will ensure full-time protection, so that you do not need to worry about your files or waste time removing malware again.

How to delete Facebook Ransomware

  1. Tap Alt and F4 keys on the keyboard at the same time to close the window.
  2. Locate the [unknown name].exe file that launched the infection.
  3. Right-click and Delete the file.
  4. Also, right-click and Delete the ransom file named READ_IT.rtf (on Desktop).
  5. Launch RUN (tap Win+R keys) and enter regedit.exe into the box.
  6. Go to HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System.
  7. Right-click and Delete the value named DisableTaskMgr.
  8. Complete the task with Empty Recycle Bin.
  9. Install and run a legitimate malware scanner.
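
The ransom-note, registry and file-extension checks from the steps above, as an added PowerShell example that is not part of the original guide. The `-Remediate` switch and variable names are assumptions of this example; it does not locate the launcher executable, whose name the guide does not give, and it leaves encrypted files in place.

```powershell
# Added example: triage for the indicators named in this guide.
# Read-only by default; pass -Remediate to undo the registry change and delete the note.
param([switch]$Remediate)

$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$note      = Join-Path ([Environment]::GetFolderPath('Desktop')) 'READ_IT.rtf'

# Step 6-7: Task Manager is blocked when DisableTaskMgr exists under the per-user policy key.
$policy = Get-ItemProperty -Path $policyKey -Name DisableTaskMgr -ErrorAction SilentlyContinue
$taskMgrDisabled = $null -ne $policy

# Step 4: ransom note on the Desktop (GetFolderPath follows a redirected Desktop).
$notePresent = Test-Path -LiteralPath $note

# Files renamed with the ".Facebook" extension under %USERPROFILE%.
# The exact-extension test avoids the loose matching of provider-level wildcards.
$encrypted = @(Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -ieq '.Facebook' })

[pscustomobject]@{
    TaskManagerDisabled = $taskMgrDisabled
    RansomNotePresent   = $notePresent
    EncryptedFileCount  = $encrypted.Count
} | Format-List

# Show which folders were hit hardest, to decide what to restore from backup first.
$encrypted | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name | Format-Table -AutoSize

if ($Remediate) {
    if ($taskMgrDisabled) {
        Remove-ItemProperty -Path $policyKey -Name DisableTaskMgr
        Write-Host 'Removed DisableTaskMgr; Task Manager is available again.'
    }
    if ($notePresent) {
        Remove-Item -LiteralPath $note
        Write-Host "Deleted $note"
    }
    # Encrypted files are deliberately left untouched: restore from backups,
    # and keep the originals in case a free decryptor is released.
}
```

Run it as the affected user, since both the registry value and the encrypted files are per-user.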
