Facebook Ransomware

What is Facebook Ransomware?

Facebook Ransomware is a rather old ransomware infection that can still make waves if you happen to stumble upon its installer. There is nothing terribly specific about this infection, but seeing that it was released quite a while ago, there is a good chance that a public decryption tool is available right now. If not, you can always turn to a professional who would help you terminate Facebook Ransomware for good. The most important thing is not to panic because ransomware infections rely on your unstable emotions to swindle you out of your money.

Where does Facebook Ransomware come from?

We know for sure that Facebook Ransomware belongs to the Hidden Tear Ransomware family. Hidden Tear is an open-source ransomware infection. It means that its code is publicly available, and anyone can use it to create more ransomware programs. Therefore, there are lots of infections based on the same Hidden Tear code. For example, previously, we discussed Poop Ransomware, BlackWorm Ransomware, PTP Ransomware, and many other applications that were also based on the Hidden Tear Ransomware code.

Does it mean that the same decryption tool can be used on all infections from the same group? Unfortunately, that is not the case here. Although all these programs are based on the same code, they require unique decryption keys.

Because removing the ransomware and restoring encrypted files is a very tedious business, a lot of effort is made to prevent ransomware infections. For that, we need to learn how ransomware infections spread. For instance, our research team says that Facebook Ransomware must travel via spam attachments and unsafe RDP configurations. It also means that users allow ransomware installation files to enter their systems willingly. Users just don’t understand that the files that look like regular documents are malware installers. The key here is to avoid downloading and opening files you receive from unknown parties.

If you feel that the file you have received is important, you can scan it with a security tool of your choice. It would actually be a good habit, especially if you deal with a lot of unknown content at work. It would be a lot worse if Facebook Ransomware infected your work computer than your home computer. If your work computer is connected to an office network, the infection could spread across several machines.

What does Facebook Ransomware do?

Facebook Ransomware works just like any other ransomware program that we have encountered before. When it enters your system, it launches file encryption, affecting files located in the %USERPROFILE% directory. The program can also disable Task Manager by modifying the Windows Registry. When the encryption is complete, Facebook Ransomware displays a ransom note that says the following:

Oops Your files are encrypted.
Please click the button that says “How to Decrypt my files”

Information
You need to 0.29 bitcoins to the address above. Once done and sent, Press, Give me my files back

Let’s remember that Facebook Ransomware was released back in December 2018. Thus, it is very likely that even if you were to try and contact the criminals behind this infection, your call for help would not reach anyone. In fact, it is never a good idea to pay the ransom fee even if it looks like it is the only way to restore your files. After all, you would only help these criminals make more malicious programs!

How do I remove Facebook Ransomware?

Since we shouldn’t pay any attention to the ransom note, we have to remove Facebook Ransomware for good. The manual removal guidelines are given at the bottom of this description. You can always remove Facebook Ransomware automatically with a powerful antispyware tool.

The most problematic aspect of this infection is your files, obviously. If you have copies of your files on an external hard drive, then there’s no problem. You can simply delete the encrypted data and transfer good copies to your computer. If you do not have copies of your files, please refer to a professional for other file recovery options. Usually, there is at least one more recovery method you can try. Finally, always be careful about the unfamiliar content you encounter online because dangerous infections are always just a click away.

Manual Facebook Ransomware Removal

  1. Press Alt+F4 to close the Facebook Ransomware pop-up.
  2. Remove the most recent files from Desktop.
  3. Go to the Downloads folder.
  4. Remove the most recent files from the folder.
  5. Press Win+R and type %TEMP%. Click OK.
  6. Delete the most recent files from the directory.
  7. Press Win+R and type regedit. Click OK.
  8. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System.
  9. On the right side, right-click and remove the value DisableTaskMgr.
  10. Restart your computer and, when the system loads, press Ctrl+Shift+Esc.
  11. Click the Processes tab and highlight processes with Facebook Official in their description.
  12. Click End Process and exit Task Manager.
  13. Run a full system scan with SpyHunter.
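
The manual steps above can also be walked through from a PowerShell prompt. The script below is an added example, not part of the original guide: it only reports by default, and the $Days window, the -Remediate switch and the default Downloads location are assumptions of this sketch.

```powershell
# Added example: audit-first walk through the manual removal steps.
# $Days and -Remediate are assumptions of this sketch, not values from the guide.
param(
    [int]$Days = 3,       # how far back "most recent" reaches (assumed)
    [switch]$Remediate    # without this switch the script only reports
)

$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

# Steps 2-6: list recently written files for manual review; nothing is deleted.
$cutoff  = (Get-Date).AddDays(-$Days)
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    (Join-Path $env:USERPROFILE 'Downloads'),   # default location (assumed)
    $env:TEMP
)
foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    Get-ChildItem -LiteralPath $folder -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $cutoff } |
        Sort-Object LastWriteTime -Descending |
        Format-Table LastWriteTime, Length, FullName -AutoSize
}

# Steps 7-9: report the DisableTaskMgr policy value and remove it on request.
$policy = Get-ItemProperty -Path $policyKey -Name DisableTaskMgr -ErrorAction SilentlyContinue
if ($null -ne $policy) {
    Write-Output "DisableTaskMgr = $($policy.DisableTaskMgr) under $policyKey"
    if ($Remediate) {
        Remove-ItemProperty -Path $policyKey -Name DisableTaskMgr
        Write-Output 'DisableTaskMgr removed.'
    }
} else {
    Write-Output 'DisableTaskMgr is not set for this user.'
}

# Steps 11-12: find processes whose file description contains "Facebook Official".
$suspects = Get-Process | Where-Object { $_.Description -like '*Facebook Official*' }
$suspects | Format-Table Id, ProcessName, Description, Path -AutoSize
if ($Remediate -and $suspects) {
    $suspects | Stop-Process -Force
}
```

Run it once without -Remediate, review the listed files and processes, then run it again with -Remediate; the recent files are left for you to delete by hand.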