FlatChestWare – another Hidden-Tear based virus

FlatChestWare is a file-encrypting virus that is based on the HiddenTear project.[1] This Trojan uses AES-256 cryptography and appends .flat file extension to each of the targeted files. After successful data encryption, it runs a program window with a ransom note where users are asked to pay $250.
After the infiltration, FlatChestWare virus shows a fake Windows Update window that looks like ordinary User Account Control (UAC) prompt. This trickery tries to make victims click an obfuscated button to launch malicious activities:
Windows Update
Restart your computer to finish installing important updates
Windows can't update important files and services while the system is using them. Make sure to save your files before restarting.
[“Restart now” button] [“Postpone” button]
Undoubtedly, the majority of users agree to install updates by clicking “Restart now” option. However, instead of getting important updates, users allow malware to delete Shadow Volume Copies and other cause other system changes. Therefore, malicious activities start if a user is tricked into hitting the button.
As soon as the computer is rebooted, FlatChestWare delivers a ransom-demanding message. Crooks inform about encrypted image, audio, video, text and other popular files. It is said that only their decryption software can help victims to restore their files.
HiddenTear, as well as the majority of its variants, is decryptable. Thus, you might be able to restore your files without paying the ransom. However, first of all, you should remove FlatChestWare from the PC. Do not follow criminals’ orders to disable your anti-virus. You should do the opposite.
Professional anti-virus or anti-malware is capable of performing FlatChestWare removal quickly and without causing damage to the system. Ransomware might make various changes in the system or affect the legitimate process, so it’s important to terminate malicious components safely. You should choose FortectIntego or SpyHunterCombo Cleaner for this task.

Developers use several strategies to spread malicious payload
The virus is executed from the FlatChestWare.exe file. According to the latest research data, the virus is looking for unprotected servers and tries to get remote access to the computer. Thus, if it finds opened ports and can take advantage of Remote Desktop Protocol (RDP),[2] it launches the attack.
However, FlatChestWare might also be distributed via malicious spam emails that include infected link or attachment. Thus, you should remain vigilant with received emails and do not rush to open any provided content.
Security experts from Estonia,[3] users should also follow all security advise and avoid high-risk sites, illegal downloads, clicking on suspicious ads. We want to add, that it’s also important to backup files and strengthen computer’s security with professional antivirus.
Obliterate FlatChestWare ransomware with powerful security tool
Computer users are advised to use powerful antivirus or anti-malware to remove FlatChestWare from the PC safely and quickly. Attempts to locate and delete ransomware-related files from the PC might end up with a damaged system and even bigger problems.
Thus, invest in professional software that will not only performs FlatChestWare removal but also protects from cyber threats in the future. FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes should be considered as these tools. The instructions how to install, update and run a system scan with a malware removal program are presented at the end of the article.
Was this guide helpful?
Be the first to comment