Firecrypt Ransomware Removal Guide

Category: Trojans

We have recently acquired a sample of a ransomware-type infection that was dubbed Firecrypt Ransomware and tested it. Our tests have confirmed that it is a type of ransomware that encrypts certain files on the infected computer and then demands that the victim pay a ransom to get them decrypted. The sum asked for the decryption key is rather large and your files might not be worth the money. Furthermore, your files might not be decrypted even after you pay the ransom. Therefore, we recommend that you remove it from your PC as soon as possible. For more detailed information on this infection, please read this whole article.

The people behind this infection are unknown; if they were identified, they would be in serious trouble and would probably go to jail. However, it is unknown where this ransomware originated, so it is unlikely that the cyber criminals who created it will get caught. Our research has revealed that this new ransomware is being disseminated via email spam. Its developers have set up an email server that is dedicated to sending spam to random email addresses in an attempt to infect as many computers as possible. The emails feature an attached file that is most likely presented as an invoice. If you open what may look like a Word document, your computer will become infected with this ransomware. Take note that a Word document has the .doc or .docx extension, but if it has .doc.exe or .docx.exe, then it is an executable disguised as a Word file that is meant to secretly infect your PC with ransomware such as Firecrypt Ransomware.

If Firecrypt Ransomware enters your computer, it will spring into action immediately and start doing its dirty work. Our research has revealed that it uses the AES-256 algorithm to encrypt targeted files. This algorithm is very strong, and this ransomware creates a unique encryption key for each victim. The only way to get the private decryption key is to pay the ransom because the key is located on a remote server. Firecrypt Ransomware targets various image, video, and document formats that are likely to contain personal and thus valuable information for which you might pay the outrageous sum of money. It appends the “.firecrypt” file extension to the encrypted files, but changing the extension will not do anything to get your files back. The cyber criminals behind this application demand that you pay them $500 USD in Bitcoins which is 8 BTC. If you do not pay by the given deadline, the key will be destroyed, or so the developers have stated in the ransom note that is dropped after the encryption is done. The note is named randomly but has the .html file extension, and it should be dropped on the desktop. You should consider your options and decide whether your files are worth the money asked. However, you should take into account the fact that you might not get the decryption key after you have paid.

You should not trust cybercriminals to deliver on their promise because all they care about is getting your money. If Firecrypt Ransomware has encrypted files that are not that important to you, then we recommend that you delete it from your computer. We recommend using SpyHunter as it is more than capable of removing it.
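The two file-name indicators described above (a .doc or .docx extension followed by .exe, and the “.firecrypt” extension on encrypted files) can be checked with a short script. This is an added example, not part of the original article or of any vendor tool; the function names and the sample file names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# Indicators taken from the article text.
DOC_EXTS = {".doc", ".docx"}      # what a genuine Word document ends with
ENCRYPTED_EXT = ".firecrypt"      # appended to files after encryption


def classify(name: str) -> Optional[str]:
    """Return 'disguised-executable', 'encrypted', or None for a file name."""
    # Windows treats names case-insensitively and ignores trailing dots/spaces.
    suffixes = [s.lower() for s in Path(name.rstrip(". ")).suffixes]
    if not suffixes:
        return None
    if suffixes[-1] == ENCRYPTED_EXT:
        return "encrypted"
    # e.g. "invoice.docx.exe": a document extension directly before .exe
    if suffixes[-1] == ".exe" and len(suffixes) >= 2 and suffixes[-2] in DOC_EXTS:
        return "disguised-executable"
    return None


def scan(root: str) -> List[Tuple[str, str]]:
    """Walk root and return sorted (category, path) pairs for every match."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            category = classify(name)
            if category:
                findings.append((category, os.path.join(dirpath, name)))
    return sorted(findings)


def demo() -> List[Tuple[str, str]]:
    """Scan a constructed sample tree (empty files, names made up for this example)."""
    samples = ("invoice.docx.exe", "Invoice.DOC.EXE", "holiday.jpg.firecrypt",
               "report.v2.docx", "setup.exe")
    with tempfile.TemporaryDirectory() as tmp:
        for name in samples:
            Path(tmp, name).touch()
        return [(cat, os.path.basename(path)) for cat, path in scan(tmp)]


if __name__ == "__main__":
    for category, name in demo():
        print(f"{category:22} {name}")
```

To check a real location, call `scan()` with the folder to inspect, for example a download or mail-attachment directory.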

Removal Instructions

  1. Go to
  2. Download SpyHunter-Installer.exe and install it.
  3. Launch it and select Scan Computer Now!
  4. Once the scan is complete, hold down Windows+E keys.
  5. Enter the file path of the malicious file(s) included in the scan results in the File Explorer’s address box.
  6. Press Enter.
  7. Right-click the malicious file(s) and click Delete.
  8. Empty the Recycle Bin.
Note: The SpyHunter scanner published on this site is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.
