Remove FunFact Ransomware and Restore Files

How to Remove FunFact Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

Important Information!!!!
You had bad luck. All your files are encrypted with RSA and AES ciphers. to get your files back read carefully. if you do not understand, Read again. All your documents are recoverable only with our software and key file.
To decrypt files you need to contact worldfunfact@sigaint.org or funfacts11@tutanota.com and set your ID as email title and send clsign.dll file from your computer. That is the key file and yes, it’s encrypted. Search your computer for filename “clsign.dll” attach it to email. if you wish we will decrypt one of your encrypted file for free! It’s your guarantee. After you made payment you will receive decryption software with key and necessary instructions. if you don’t contact us within 72 hours we will turn on sanctions. you’ll have to pay more. Recovery is only possible during 7 days. after that don’t contact us.
Remember you are just single payment away from all your files
If your files are urgent pay exactly requested amount to Bitcoin(BTC) address and send clsign.dll file to us. We will send your decryption software within 24 hours; remember if you contact us first maybe you’ll have to pay less
User ID: –
BTC Address: 1AQrj5jBcRaA35nvmuySb8xYkmXsGC65Rc
Amount(BTC): 1.22038


Fun fact: your computer is infected with the most vicious type of virus imaginable. The ransomware family is notoriously dangerous and problematic, and one of its latest members is the FunFact Ransomware. Have you had to deal with such a parasite so far? Check out today’s article to learn what you’re up against. Your computer is no longer infection-free. Furthermore, ransomware is dreaded for a reason, and you’re yet to witness its entire malicious potential unless you take measures. The sooner you tackle this pest of a program, the better.

FunFact Ransomware slips on board completely behind your back. It then starts scanning your device, searching for private data. What ransomware searches for, it usually finds. This parasite locates all your personal, precious files. Being compatible with a huge variety of formats, FunFact Ransomware causes quite a mess. It uses a combination of RSA and AES ciphers to encrypt your data. In addition, the virus drops several files, named clsign.dll, trc.dll, rar.exe, wallet.jpg and note.ini. You will find them in the folders that contain encrypted information. Your desktop wallpaper may get modified as well.

Why are these tricks necessary? The note.ini file, for example, provides you with payment instructions. Yes, this is your ransom note. As mentioned, you stumble across this message quite often. Hackers are forcing their instructions on you in an attempt to make you nervous enough to pay. It’s a very simple scheme, actually. According to the ransom notes, you need a special decryptor, and you’re unable to free your locked data without it. The problem is, hackers aren’t going to give the decryption key away for free. Oh no. They demand 1.2 Bitcoins in exchange for their decryptor. For those of you unfamiliar with online currency, that equals 1187 USD at the moment. Are your pictures and music files worth almost 1200 dollars? Probably not. Even if you pay the entire ransom, though, that guarantees you nothing. Hackers are the last people on the planet that you should negotiate with. You see, they are only interested in gaining illegal profit online. Restoring your locked data was never really part of the picture.
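To see which folders the dropped files landed in, the PowerShell sketch below sweeps a directory tree for the five file names listed above and hashes each match. It is an added example, not part of the original article; the `$Root` parameter and its default (the user profile) are assumptions.

```powershell
# Added example: inventory folders that hold FunFact's dropped files.
# File names come from the article; $Root is an assumed starting point.
param([string]$Root = $env:USERPROFILE)

$dropped = 'clsign.dll', 'trc.dll', 'rar.exe', 'wallet.jpg', 'note.ini'
# rar.exe and wallet.jpg are common names, so a folder only counts when
# one of the two distinctive files sits next to them.
$anchors = 'clsign.dll', 'note.ini'

# -Force includes hidden and system files; access-denied folders are skipped.
$files = Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $dropped -contains $_.Name }

$findings = foreach ($group in ($files | Group-Object -Property DirectoryName)) {
    $names = @($group.Group | ForEach-Object { $_.Name })
    if (-not ($names | Where-Object { $anchors -contains $_ })) { continue }

    foreach ($f in $group.Group) {
        [pscustomobject]@{
            Folder   = $group.Name
            File     = $f.Name
            Modified = $f.LastWriteTime
            SHA256   = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        }
    }
}

$findings | Sort-Object -Property Folder, File | Format-Table -AutoSize -Wrap
'{0} folder(s) contain FunFact artifacts' -f @($findings | Select-Object -ExpandProperty Folder -Unique).Count
```

The script only reads and reports. Copy clsign.dll to external media before deleting anything, since the ransom note describes it as the encrypted key file.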

How did I get infected?

The FunFact Ransomware gets spread just like all infections. At the end of the day, ransomware is just a computer program that needs to get properly installed before it starts wreaking havoc. You can tell where this is going, can’t you? You’ve downloaded the parasite yourself. However, you don’t necessarily have to know when you installed it. Online parasites are stealthy, and ransomware is stealthy as well. It mainly travels the Web via spam email attachments and messages. Next time you receive a message or email from an unknown sender, delete it ASAP. There might be a dangerous virus hiding behind it. With one single careless click you set the parasite free, and you end up compromising your own device. Ransomware may get disguised as job applications or emails from some shipping company. Delete what you don’t trust and keep an eye out for malware.

It is also strongly recommended to stay away from illegitimate torrents, websites and program updates. More often than not, those are corrupted and dangerous. The FunFact Ransomware could have also used some help from a Trojan horse. It is in your best interest to check the computer system for more infections. Do not overlook any potential threat.


Why is FunFact dangerous?

This program denies you access to your own files. That includes your photos, music, favorite videos and documents. Consider all your valuable information no longer usable. The FunFact Ransomware modifies your files by messing with their format. It adds a brand new extension to the target data. As a result, you can’t open or view your information. It goes without saying that such a trick is very harmful. Unless you have a backup of your data, things might get nasty. Keep in mind that paying the ransom would be a terrible idea. Hackers provide you with two alternative email addresses: funfacts11@tutanota.com and worldfunfact@sigaint.org. Stay away from both and do not contact crooks. They are trying to steal your money by promising some highly questionable decryptor. Crooks also give you a deadline. What is the point of all that? You’re supposed to pay the ransom immediately because the more time passes, the clearer this fraud becomes. Keep your Bitcoins instead of sponsoring hackers’ business. To delete the ransomware manually, please follow our detailed removal guide below.

FunFact Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover FunFact Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously.
  • Locate the process of the ransomware. Keep in mind that this is usually a randomly generated file name.
  • Before you kill the process, type its name in a text document for later reference.


  • Locate any suspicious processes associated with FunFact encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Keep in mind that the process can be hidden and very difficult to detect.

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate FunFact encryption Virus startup location

  • Once the operating system loads, press the Windows Logo Button and the R key simultaneously.


Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]


  • Then open Explorer, navigate to your %appdata% folder and delete the executable.

Alternatively, you can use the Windows msconfig program to double-check the execution point of the virus. Keep in mind that the names on your machine might be different, as they may be generated randomly; that’s why you should run a professional scanner to identify malicious files.
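Because the value name is random, it helps to list every autorun entry with its target before deleting one. The PowerShell sketch below reads the three Run keys from STEP 3, flags commands that start from under %AppData%, and reports the Authenticode status of each target. It is an added example, not part of the original article, and it changes nothing in the registry.

```powershell
# Added example: audit the three Run keys named in STEP 3 (read-only).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

$report = foreach ($path in $runKeys) {
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }   # e.g. Wow6432Node does not exist on 32-bit Windows

    foreach ($name in $key.GetValueNames()) {
        # GetValue() expands REG_EXPAND_SZ data, so %APPDATA% arrives resolved.
        $command = [string]$key.GetValue($name)

        # Extract the program path: quoted form first, then the first bare token.
        # An unquoted path containing spaces is cut short and shows as "missing".
        $exe = $null
        if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($command -match '^\s*(\S+)') { $exe = $Matches[1] }

        $signature = 'missing'
        if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $signature = (Get-AuthenticodeSignature -LiteralPath $exe).Status
        }

        [pscustomobject]@{
            Key       = $path
            ValueName = $name
            Command   = $command
            InAppData = $command -match '\\AppData\\Roaming\\'
            Signature = $signature
        }
    }
}

# Entries that start from %AppData% come first; review those before deleting anything.
$report | Sort-Object -Property InAppData -Descending |
    Format-List Key, ValueName, Command, InAppData, Signature
```

An entry with `InAppData = True` and a `NotSigned` or `missing` target is the kind of value STEP 3 asks you to delete; legitimate software also installs under %AppData%, so confirm with a scanner first.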

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.


  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file, it first makes a copy of it, encrypts the copy, and then deletes the original. Because of this, you may be able to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.
