FlatChestWare Ransomware

What is FlatChestWare Ransomware?

If you come across a new extension .flat appended to your files, you should know that it is a first sign showing that FlatChestWare Ransomware, a HiddenTear-based crypto-threat, has infiltrated your computer. It is one of those nasty infections that enter computers to ruin users’ files. Specifically speaking, it locks users’ files with a strong cipher so that it could easier extract money from them. If you are among those unfortunate users who have found that it is impossible to access a bunch of files, you should, first of all, go to remove the ransomware infection from your computer so that this infection could not cause you more problems. Your files will stay as they are, i.e., encrypted, but you could restore them from a backup you have. If you have never backed up files in your life, the possibility is huge that you could not restore them for free in any other way. Some users need their files back so badly that they are determined to pay money to cyber criminals, but, believe us, making a payment to malicious software developers is a huge mistake, so you should not do that by any means.testtesttest

What does FlatChestWare Ransomware do?

FlatChestWare Ransomware acts as a typical ransomware infection despite the fact that it is a new threat. It shows up on users’ computers without their consent and then immediately starts the encryption of files. Before locking users’ personal files, it first finds where they are located, of course. There is no doubt that the encryption of files has already taken place if you see a window with a picture of an anime girl and a smaller pop-up called Information on your screen. If users read both of them, it becomes clear immediately why files cannot be accessed and how they can be restored. Just like other ransomware infections seeking to obtain money from users, it demands a ransom of $150. It has to be sent in Bitcoins as soon as possible. Once the payment is made, users are instructed to click the Verify Payment button. When the payment is confirmed, files should be decrypted automatically. Well, at least, the message opened for users by FlatChestWare Ransomware says so. Do not be so sure that you will really get your files decrypted after paying the required money because it is already more the rule than the exception that cyber criminals do not unlock the encrypted files even after they receive money from users. In such a case, do not expect to get your money back. Since there are no guarantees that transferring the ransom to cyber crooks will result in the decryption of files, we recommend that you go to try out alternative data recovery methods. As has been mentioned in the previous paragraph, you can go to restore those files from a backup. You can also try out free tools claiming that they can restore files available on the market, but, of course, we cannot promise that you will find them very useful.

Where does FlatChestWare Ransomware come from?

Ransomware infections, just like other malicious applications, enter computers illegally. There is a bunch of different distribution strategies cyber criminals can adopt to disseminate their creations. In the case of FlatChestWare Ransomware, there is basically no doubt that this infection can be spread via malicious attachments in spam email campaigns. Additionally, this infection can be installed on users’ computers as a result of weak Remote Desktop (RDP) credentials. No matter how this infection enters the system, it creates a point of execution in the Run registry key (HKCU\Software\Microsoft\Windows\Current version\Run) following the successful entrance. This allows it to start working the second when the Windows OS loads up on the compromised machine. This is one of the major reasons you cannot keep FlatChestWare Ransomware active on your computer – it will strike again soon if you do nothing.

How to remove FlatChestWare Ransomware

If you have clicked on the Restart now button located on the fake Windows Update window shown on your screen after launching the malicious file and then immediately get your files encrypted by FlatChestWare Ransomware, you must go to remove the ransomware infection from your system as soon as possible because it will surely not miss an opportunity to lock your new files again. You can erase it either manually (our instructions will help you delete it), or you can delete it automatically using a reputable malware remover. Unfortunately, your files will not be unlocked for you no matter how you remove it.

FlatChestWare Ransomware removal guide

  1. Press Win+R.
  2. Enter regedit.exe and click OK to open Registry Editor.
  3. Open HKCU\Software\Microsoft\Windows\Current version\Run.
  4. Search for a Value named Microsoft Update.
  5. If you can find it there, right-click on it and select Delete.
  6. Go to remove all recently downloaded files (they should be located on Desktop or in the Downloads folder).
  7. Empty Recycle bin. 100% FREE spyware scan and
    tested removal of FlatChestWare Ransomware*
Disclaimer
Disclaimer

Leave a Comment

Enter the numbers in the box to the right *