On May 11th, 2018, malware analyst Leo shared on Twitter the discovery of a new ransomware called ‘tr011’, also known as Facebook ransomware or FBLocker. This virus appends the .facebook extension to the names of affected files and claims in its ransom note that the encryption was carried out by Facebook’s creator Mark Zuckerberg himself and that there is no way to recover your files.
As silly as this ransom note sounds, it still adds fuel to the fire on top of all the recent negative news about Facebook. However, the FBLocker virus was by no means created by Zuckerberg, who has a lot to deal with already, nor are your files lost forever. If you want to know more about the new scandalous ransomware and how to remove it, keep reading below.
What is known about FBLocker ransomware?
FBLocker virus is an almost typical ransomware. Just like other crypto-malware, it is distributed through spam email attachments. Crooks send tons of emails to chosen addresses offering false ‘important information’ that requires the recipient to download or open the attachment. Recipients who are unaware and gullible open the file infected with the FBLocker virus and let the ransomware onto their computer. The crypto-malware installation starts with the very first click on the attachment.
Once installed, the Tr011 virus finds personal data files such as pictures, music, videos and documents, and encrypts them using complex algorithms while appending the .facebook file extension, so the victim cannot access them and can see which files are affected. It specifically targets files like photos and documents, which are the most valuable to the PC user, so that they would be willing to pay a bigger ransom for a decryption key.
But this is where the FBLocker virus differs from every other ransomware. Normally, crypto-viruses state in the ransom note the amount and the email address to which the victim should send the required fee in BTC for decryption. They also try to speed up the process by adding a timer of 24-96 hours, saying that if the hackers don’t get the payment in time, all the files and/or the decryption key will be deleted permanently. In FBLocker’s case, the ransom note only states that the files have been encrypted by Mark Zuckerberg and that there is no way to recover them. Furthermore, there is no email, ransom fee or directions for a victim to follow in order to decrypt the locked data. Clearly, as the name Tr011 suggests, FBLocker ransomware was created by someone who really dislikes Facebook, or Mark Zuckerberg specifically, and is trying to troll them by casting more shade on the social network company and making more people angry under false pretenses.
The ransom note is written in Russian and English in order to target various regions. It says:
What Happened to My Computer?
Your important files are encrypted. Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Do not waste your time looking for a way to recover your files. Nobody can recover your files.
Can I Recover My Files?
No. I am Mark Zuckerberg and I have encrypted your files without saving any encryption keys. I appreciate you executing my program because you allowed me to ruin more lives.
As much as crooks want M. Zuckerberg to look like a total ‘bad guy’, we all know that Facebook’s CEO doesn’t have time for making file-encrypting ransomware, nor wants to add more hate towards his company and own name.
The positive thing about the FBLocker virus is that it doesn’t request any ransom. Sometimes even the smartest PC users get really stressed after seeing their files locked and fall into the crypto-malware trap, paying hackers hundreds or even thousands of dollars for a decryption key but getting nothing in return, so their files remain inaccessible and they lose significant amounts of money. But is it really impossible to rescue your files from FBLocker’s encryption? This may be just another lie.
How to remove the Facebook virus?
If you, unfortunately, have caught Facebook ransomware and now your personal files are locked with .facebook extension, don’t just start messaging M. Zuckerberg with horrible curse words and requests, but try our suggestions to possibly fix this issue yourself.
The first step of system recovery should be the removal of FBLocker. You can try to do this manually by looking for the ransomware’s exe file and deleting it, but we suggest using trusted automatic malware removal tools, such as Spyhunter, which will scan your computer in no time, discover not just one but pretty much all the threats your PC is dealing with, and automatically remove them from the system once and for all. These tools come in handy even before an infection, because they spot and delete viruses, trojans and worms before the infection escalates, and they are also capable of fixing some of the damage done by viruses.
Secondly, if you don’t want to download any new program, or FBLocker doesn’t allow you to, or your PC is still acting strange even after using anti-malware, you should consider restoring the system from backups. Unfortunately, you can only restore the files that you have made backup copies of, but so far it is the most effective recovery method. If you want to learn how to do a system restore, follow our step-by-step guide here.
Lastly, be aware of what you click on.
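To see how far the damage goes before restoring from backups, the following added example (not part of the original article) lists every file carrying the .facebook extension and checks whether a clean copy exists in a backup folder. The function names and the assumption that the backup mirrors the folder layout of the scanned directory are hypothetical.

```python
import os
import tempfile
from pathlib import Path

LOCKED_EXT = ".facebook"  # extension the article says FBLocker appends


def find_locked_files(root):
    """Return every file under root whose name ends with .facebook."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Skip a file named exactly ".facebook": no original name to recover.
            if name.lower().endswith(LOCKED_EXT) and len(name) > len(LOCKED_EXT):
                hits.append(Path(dirpath) / name)
    return sorted(hits)


def plan_restore(data_root, backup_root):
    """Split locked files into those with a backup copy and those without.

    Assumption of this example: the backup mirrors data_root's folder layout.
    """
    data_root, backup_root = Path(data_root), Path(backup_root)
    restorable, missing = [], []
    for locked in find_locked_files(data_root):
        # docs/report.docx.facebook -> docs/report.docx (relative to data_root)
        original_rel = locked.relative_to(data_root).with_name(
            locked.name[: -len(LOCKED_EXT)])
        backup = backup_root / original_rel
        if backup.is_file():
            restorable.append((locked, backup))
        else:
            missing.append(locked)
    return restorable, missing


def demo():
    """Build a constructed sample tree; return (restorable, missing) names."""
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = Path(tmp, "data"), Path(tmp, "backup")
        (data / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (data / "docs" / "report.docx.facebook").write_bytes(b"constructed")
        (data / "holiday.jpg.facebook").write_bytes(b"constructed")
        (data / "notes.txt").write_text("untouched")
        (backup / "docs" / "report.docx").write_bytes(b"clean copy")
        restorable, missing = plan_restore(data, backup)
        return [b.name for _l, b in restorable], [m.name for m in missing]


if __name__ == "__main__":
    print(demo())
```

The script only reads and reports; copy the backups back only after the ransomware itself has been removed.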