FlyingShip Ransomware

Novice cybercriminals often rework public malware projects to craft their own personalized piece of malware. This is the case of the FlyingShip Ransomware exactly, a file-locker that is based on the CryptoWire Ransomware, whose source code was published online in 2017. Fortunately, the file-encryption algorithm that this threat uses is very simple, and it has allowed cybersecurity experts to develop and release a free decryption tool for the CryptoWire Ransomware. The same decryptor also should be compatible with new variants of the threat, such as the FlyingShip Ransomware.

While having a free decryption tool at your disposal is great, you should not underestimate the dangers of a ransomware attack – the FlyingShip Ransomware and the CryptoWire Ransomware are capable of causing long-term damage to valuable files. These threats will try to encrypt data on all accessible hard drive partitions and removable storage devices. Whenever the FlyingShip Ransomware locks a file, it will add the string '.flyingship' between the original filename and extension – for example, 'backup.zip' would be called 'backup.flyingship.zip' when it is encrypted.

The New Variant of CryptoWire is Most Likely Decryptable

Just like the original CryptoWire Ransomware project, the FlyingShip Ransomware also displays the ransom message in a new window, which lists the encrypted files and directories. The crooks offer to sell a decryptor for $200, and they list the email flyingship@mail2tor.com as the only way to get in touch with them.

If the FlyingShip Ransomware has locked your files, you should remember to ignore the perpetrators' payment request and look for a more reliable recovery option. Start by running an anti-virus scanner to exterminate the threatening software, and then use the free CryptoWire decryptor to try and get your files back.