FLSCRYPT Ransomware is a New Phobos Clone


FLSCRYPT is the name of a newly discovered ransomware strain that belongs to the Phobos family of ransomware variants.

FLSCRYPT encrypts files with most popular extensions, leaving them unreadable. Each encrypted file receives a new multi-part extension containing the victim ID string, the contact email used by the malware operator and the ".FLSCRYPT" string.

This means that a file originally named "document.txt" will turn into "document.txt.id[alphanumeric string].[decrypt2022@onionmail.ogr].FLSCRYPT".

The ransom note is dropped in two files that share the base name "info": one plain-text file and one .HTA file. The full text of the note is as follows:

Hello my dear friend. All your files have been encrypted!

Unfortunately for you, a major IT security weakness left you open to attack, your files have been encrypted. The only method of recovering files is to purchase decrypt tool and unique key for you.

If you want to recover your files, write us to this e-mail: decrypt2022@onionmail.org In case of no answer in 24 hours write us to this e-mail:decrypt2022@msgsafe.io

Our online operator is available in the messenger Telegram: @Files_decrypt or hxxps://t.me/Files_decrypt

If there is no response from our mail, you can install ICQ software on your PC here hxxps://icq.com/windows/ or on smartphone from Appstore / Google Play Market search for "ICQ"

Write to our ICQ @Ransomware_Decrypt hxxps://icq.im/Ransomware_Decrypt/ Or download the (Session) messenger (hxxps://getsession.org) in messenger: [alphanumeric string]

You have to add this ID - and we will complete our converstion.

Or download the Tox Chat (hxxps://tox.chat/download.html') in messenger: [alphanumeric string] You must add this ID -and write to us.

Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

Contact us soon, because those who don't have their data leaked in our press release blog and the price they'll have to pay will go up significantly.

Your Data

Sensitive data on your system was DOWNLOADED.

If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly.

Data includes:

Employees personal data, CVs, DL, SSN.

Complete network map including credentials for local and remote services.

Private financial information including: clients data, bills, budgets, annual reports, bank statements.

Manufacturing documents including: datagrams, schemas, drawings in solidworks format

And more...

Attention!

Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

We are always ready to cooperate and find the best way to solve your problem.

The faster you write - the more favorable conditions will be for you.

Our company values its reputation. We give all guarantees of your files decryption.
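For triage, the renaming scheme and the "info" note files described above can be matched against a file listing to find affected directories and recover original file names. The following Python sketch is an added example, not code from the original article; the function names, the sample paths, the victim ID "0A1B2C3D" and the "info.txt" note name are assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Naming scheme from the article:
#   <original name>.id[<victim ID>].[<contact email>].FLSCRYPT
# Assumption: the victim ID may contain hyphens as well as letters and digits.
ENCRYPTED_RE = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[A-Za-z0-9-]+)\]"
    r"\.\[(?P<contact>[^\[\]]+)\]\.FLSCRYPT$",
    re.IGNORECASE,
)
# Assumption: the plain-text note is "info.txt"; the article gives only the base name.
NOTE_NAMES = {"info.txt", "info.hta"}

def parse_encrypted_name(path):
    """Split a renamed file into original name, victim ID and contact, or return None."""
    m = ENCRYPTED_RE.match(PureWindowsPath(path).name)
    return m.groupdict() if m else None

def triage(paths):
    """Summarise a file listing: affected directories, victim IDs, contacts, note files."""
    hits_by_dir = defaultdict(list)
    victim_ids, contacts, note_candidates = set(), set(), []
    for p in paths:
        wp = PureWindowsPath(p)
        hit = parse_encrypted_name(p)
        if hit:
            hits_by_dir[str(wp.parent)].append(hit["original"])
            victim_ids.add(hit["victim_id"])
            contacts.add(hit["contact"])
        elif wp.name.lower() in NOTE_NAMES:
            note_candidates.append(p)
    # "info.txt" is a common name, so only count notes that sit beside encrypted files.
    notes = [n for n in note_candidates if str(PureWindowsPath(n).parent) in hits_by_dir]
    return {"dirs": dict(hits_by_dir), "victim_ids": victim_ids,
            "contacts": contacts, "notes": notes}

# Constructed sample listing; the ID is made up, the contact is the article's example string.
SUFFIX = ".id[0A1B2C3D].[decrypt2022@onionmail.ogr].FLSCRYPT"
SAMPLE = [
    r"C:\Users\alice\Documents\document.txt" + SUFFIX,
    r"C:\Users\alice\Documents\budget.xlsx" + SUFFIX,
    r"C:\Users\alice\Documents\info.hta",
    r"C:\Tools\info.txt",  # unrelated file with no encrypted neighbours
]
```

Calling `triage(SAMPLE)` returns the affected directory with the recovered original names, the single victim ID and contact string, and only the note file that sits next to encrypted files.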

August 9, 2022