Home Malware Programs Ransomware FilesRecoverEN Ransomware

FilesRecoverEN Ransomware

Posted: April 2, 2021

The FilesRecoverEN Ransomware is a threatening file-encryption Trojan whose attackers are likely to be amateurs that, unfortunately, have managed to craft a file-locker, which is impossible to decrypt for free. The reason why the ransomware's authors are likely to be amateurs is that they are using an email address hosted with Gmail.com – needless to say, Google will not allow them to use the email for extortion, and it is a matter of days for the inbox to be banned probably. This would make it impossible for victims of the FilesRecoverEN Ransomware to contact the criminals, and they may not receive a decryptor even if they end up meeting the demands of the perpetrators.

When the FilesRecoverEN Ransomware infects a computer, it will aim to encrypt popular types of files like documents, images, archives, databases, and many others. The damaged files are renamed by adding the suffix '[ID=<VICITM ID>-Mail=FilesRecoverEN@Gmail.com].1aLA.' The ransomware also drops ransom notes called 'ReadMe_Now!.hta' and 'Read_Me!_.txt' in all directories that contain at least one encrypted file.

The ransom document urges victims to contact either filesrecoveren@gmail.com or filesrecoveren@protonmail.com, and prepare to pay a ransom fee via Bitcoin. We assure you not to pay the ransom sum because it is highly unlikely that FilesRecoverEN Ransomware's creators will end up providing you with a decryption tool. Instead, it is better to use an anti-virus tool to eliminate the threat and then try out other data recovery options.