French Ransomware

Posted by Lisa Blanc on December 7, 2017

What is French Ransomware?

French Ransomware appears to be a new malicious file-encrypting program created while using an open-source ransomware known as Hidden Tear. The threat looks quite dangerous since it can encipher not only pictures, text documents, or other personal files, but also executable files and other data that could belong to the software located on the affected computer. Fortunately, the malware is still in the development stage and so even if you come across it, the chances are it might not lock any of your files, and later in the article, we will tell you more about it. It is still difficult to say if the threat is even being spread yet, but just in case it is we will provide step by step deletion instructions showing how to get rid of French Ransomware manually. The infection can be removed with a legitimate antimalware tool too, so all that is left is to decide which way is easier for you.testtest

Where does French Ransomware come from?

As we mentioned earlier, French Ransomware might not even be distributed yet. However, if it is, we believe it could be traveling with Spam emails, malicious setup files, and so on. Thus, to keep away from it or other malware alike we would recommend taking extra precautions. For example, it would be best to scan questionable email attachments before launching them, and the same should go for setup files downloaded from doubtful file-sharing web pages or any other data acquired from an untrustworthy source. The scanning process may take only a couple of minutes, and by investing just a bit of your time, you could avoid damaging the computer or essential files stored on it.

How does French Ransomware work?

According to our researchers at Anti-spyware-101.com who tested the malicious program themselves, the sample of French Ransomware they had could lock only files that were in a particular test directory on the %HOMEDRIVE% location. Most likely, the malware’s developers created such folder on their computer and placed a couple of files to test if the infection works as it should. To see how it works our researchers created such directory. What they discovered is that the threat not only encrypts files it is after but also renames each of it and appends a specific second extension at the end of the new title, e.g., KtaCeRiQM_Jx.lockon.

Afterward, the malicious program should drop a file called background.jpg in the location where the user downloads the file that infects the system. This image should carry a text known as ransom note and to make it more visible to the user it might replace his Desktop wallpaper with it. Naturally, the ransom note demands the user to make a payment the hackers’ account. In return, it says the user would receive a decryption tool capable of unlocking all encrypted data. The problem is you can never know if the malware’s creators will keep up to their end of the deal. Sadly, there are many cases when users trust cyber criminals and end up losing both their data and money. Clearly, if you come across a test version of French Ransomware, you can pay no attention to the ransom note and delete the threat at once since as we already said it should not lock any data.

How to eliminate French Ransomware?

One of the options is to follow the instructions available below the text and remove the malicious program manually. Those who find this process a bit complicated or fear there might be more dangerous malware on the computer should download a legitimate antimalware tool. Once it is installed, you could use its scanning feature to locate the infection and other possible threats. Later on, all detections could be erased at the same time if you just click the deletion button. Provided you have any questions related to French Ransomware, feel free to write us a message below the article.

Erase French Ransomware

  1. Tap Ctrl+Alt+Delete.
  2. Launch Task Manager.
  3. Navigate to Processes.
  4. Locate a particular process associated with the malicious program.
  5. Select the malicious process and click End Task.
  6. Close the Task Manager.
  7. Press Windows key+E.
  8. Navigate to these paths:
    %USERPROFILE%Desktop
    %USERPROFILE%Downloads
    %TEMP%
  9. Locate the infection’s installer.
  10. Then right-click the suspicious file and press Delete.
  11. Leave File Explorer.
  12. Empty Recycle bin
  13. Reboot the device. 100% FREE spyware scan and
    tested removal of French Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *