Your files must be backed up if you want to stand a chance against threats like FilesLocker Ransomware. This is a file-encrypting threat that can silently change the data within your files to render them unreadable. Once that is done, you can no longer access your photos, music files, documents, and other kinds of files stored on your computer. If you have backups stored on external drives (it does not matter whether they are physical or virtual), you can easily replace the corrupted files with backups. Of course, before you do that, you must delete FilesLocker Ransomware. While this threat is still active, you do not want to connect any devices or use your browsers at all. First, you want to remove malicious components and then figure out what to do next. That being said, if you know that backups do not exist, you might think that you have no other option but to pay attention to the ransom demands, and that is exactly what the attackers behind this infection want.
According to our malware experts, FilesLocker Ransomware is most likely to slither into your operating system using vulnerabilities within RDP. The infection could also be introduced to you using misleading spam email messages. In any case, you are not supposed to recognize the malware right away. If you do, you should be able to remove FilesLocker Ransomware before anything happens. However, if the threat slithers in without getting noticed, it can encrypt files within moments. When it does that, a unique extension (“.[email@example.com]”) is added to the original names, and that can help you spot the affected files immediately. Unfortunately, before you get to do that, you need to figure out how to access your computer. When the ransomware encrypts files, a window entitled “FilesLocker v2.0” is opened, and you cannot close it normally. Of course, that is not a permanent state, and you can get rid of the screen-locking window. You can do that using Task Manager (tap “Ctrl+Alt+Delete” and select “Start Task Manager”), or you can simply restart the computer using the power button.
To make sure that you are reminded of the demands made via the screen-locker’s message, FilesLocker Ransomware also replaces the Desktop wallpaper and drops additional ransom notes. The wallpaper image is called “WallPaper.bmp,” and you should find it on the Desktop. This image file displays a short message in English and Chinese, and it simply instructs you to open the “#DECRYPT MY FILES#.txt” or “#解密我的文件#.txt” file (depending on your language). Both of these files should be created on the Desktop too. These text files contain a shorter version of the ransom note initially delivered via the screen-locker. The basic message is that you must pay a ransom of 0.25 Bitcoin (at the time of research, this was around 1,300 USD) to obtain the so-called decryption tool. There’s also an email address (firstname.lastname@example.org), which you are supposed to use for communication. You should NOT email the attacker or pay the ransom because this is, most likely, just a scam to get your money. On top of that, the word on the street is that a free decryptor exists.
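To check a folder tree or a backup drive for the traces described above (the two ransom notes, “WallPaper.bmp,” and files renamed with a bracketed email extension), a short script can do the search for you. This is an added example, not code from the original article; the ".[user@host]" pattern is an assumption about the shape of the extension, and the file names in the demo are constructed.

```python
import re
import tempfile
from pathlib import Path

# File names taken from the article; all three are dropped on the Desktop.
NOTE_NAMES = {"#DECRYPT MY FILES#.txt", "#解密我的文件#.txt"}
WALLPAPER_NAME = "WallPaper.bmp"
# Assumption: the appended extension has the shape ".[user@host]" at the very
# end of the file name. The real address is not reproduced here.
BRACKETED_EMAIL_EXT = re.compile(r"\.\[[^\[\]@\s]+@[^\[\]@\s]+\]$")


def scan(root):
    """Walk root and collect paths that match the indicators described above."""
    hits = {"ransom_notes": [], "wallpaper": [], "renamed_files": []}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.name in NOTE_NAMES:
            hits["ransom_notes"].append(path)
        elif path.name == WALLPAPER_NAME:
            hits["wallpaper"].append(path)
        elif BRACKETED_EMAIL_EXT.search(path.name):
            hits["renamed_files"].append(path)
    return hits


def demo():
    """Build a constructed directory tree, scan it, and return sorted names."""
    with tempfile.TemporaryDirectory() as tmp:
        desktop = Path(tmp) / "Desktop"
        docs = Path(tmp) / "Documents"
        desktop.mkdir()
        docs.mkdir()
        # Constructed sample names; the address is a placeholder.
        samples = [desktop / "#DECRYPT MY FILES#.txt", desktop / "#解密我的文件#.txt",
                   desktop / "WallPaper.bmp", docs / "budget.xlsx", docs / "notes[1].txt",
                   docs / "report.docx.[placeholder@example.invalid]"]
        for sample in samples:
            sample.write_bytes(b"")
        return {kind: sorted(p.name for p in paths) for kind, paths in scan(tmp).items()}


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

The scan only reads file names, so it can be pointed at a mounted backup copy to confirm it is clean before anything is restored from it.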
Hopefully, you can restore your files for free, or you can replace them with backup copies. Once your files are taken care of, you should have no reservations about the removal of FilesLocker Ransomware. Of course, if you lack experience, deleting this threat manually might seem like quite a challenge. Yes, it is not that easy to get rid of this malware if its launcher is hidden. If you cannot eliminate the executable that is responsible for the mess, and, more importantly, if you cannot fix the security issues that allowed this malware to attack in the first place, we recommend employing anti-malware software without any hesitation. If you want to continue the discussion about FilesLocker Ransomware, post your questions below.