Severity scale:  

Remove Flotera ransomware / virus (Bonus: Decryption Steps) - Virus Removal Instructions

removal by Ugnius Kiguolis - - | Type: Ransomware

The third version in Polski ransomware trilogy – Flotera ransomware virus

Flotera virus is a malicious computer program that we have added to ransomware category. This virus appears to belong to Polski ransomware group. It must be said that Flotera ransomware is almost identical to Vortex ransomware – both ransomware viruses use AES-256[1] to encrypt files on the available drives, and both of them use .aes file extension to mark encrypted files. Following the encryption procedure, Flotera creates !!!-ODZYSKAJ-DANE-!!!.TXT file, which malware researchers identify as the “ransom note.” This text file contains the message that cyber criminals wrote for the victim. Ŧl๏tєгค гคภร๏๓ฬคгє authors say that files on the system were corrupted and that they are the only ones who can help to restore them. Of course, not for free. Cyber criminals[2] demand a ransom, which reportedly ranges from $199 to $299. Flotera developers promise to increase the price by 100% in case the victim fails to collect money for the ransom within four days. Crooks tell the victim to write to one of those emails in case one decides to pay the ransom – or and wait for further instructions. We do not advise you to pay the ransom – instead, we suggest you remove Flotera virus using anti-malware programs like Reimage Reimage Cleaner Intego. A full ransomware Flotera removal guide is provided at the end of this page.  Flotera ransomware virusFlotera ransomware is almost identical to Vortex ransomware, however, it provides different email addresses in the ransom note.

Questions about Flotera ransomware virus

Flotera ransomware, just like Vortex virus, is based on open-source encryption and decryption software AESxWin, which is published on GitHub. The author of the three Polish ransomware variants had modified the code of the encryption tool before using it for the ransomware project. Therefore, once the ransomware is run on the victim’s computer for the first time, it displays a pop-up “AESxWinAuto” which asks if it should run at startup. If the victim clicks Stop, the ransomware won’t be executed. Otherwise, it begins the encryption routine. The ransomware then connects to a public API[3] and gets an encryption key that consists of 120 characters, then connects to another API to get user’s IP address. Such information immediately gets transmitted to criminals’ servers. If by any chance you use a network traffic tracking program, you could find the encryption/decryption key in the logs and use it for data decryption. Unfortunately, users typically do not install such tracking software on their PC’s.

How did this ransomware infiltrate my computer system?

Unlike the majority of ransomware viruses, Flotera isn’t distributed using same malware propagation means. Instead of attaching it to phishing emails or spreading it alongside pirated software packs, authors of this ransomware tend to install it on computer systems manually. It appears that the virus can be downloaded to the system with the help of vjw0rm Remote Access Trojan (RAT)[4], which is distributed via several spam campaigns targeting Polish computer users. This Trojan gives attackers access to control victim’s system remotely; therefore they can install the ransomware manually.

How can I remove Flotera ransomware from my computer?

In the ransom note, cyber criminals advise the victim not to use antivirus programs because “the virus deletes itself as soon as it encrypts files.” However, you should not trust them and scan the system with anti-malware tool to detect and remove Flotera remains as well as the described vjw0rm Trojan[5]. You can find instructions on how to launch your anti-malware program properly down below. We suggest you not to attempt to remove the malware from the system manually because this way you can create more problems than you can imagine. To clear your PC from malware, follow these steps:

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove Flotera virus, follow these steps:

Remove Flotera using Safe Mode with Networking

To remove the virus, carry out the following instructions.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Flotera

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner Intego or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Flotera removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Flotera using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Flotera. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage Reimage Cleaner Intego and make sure that Flotera removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Flotera from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

You can restore your data if you had a network traffic tracking software running on your computer during the ransomware attack. Otherwise, it is not possible to decrypt your files for free. You can import data copies from a backup (after removing the virus), but to decrypt files, you need the unique data decryption tool that only cyber criminals have. However, they want to get a ransom, and we do not recommend paying.

If your files are encrypted by Flotera, you can use several methods to restore them:

Try this data recovery tool

You can try to detect some files that can be restored with a help of Data Recovery Pro:

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Flotera ransomware;
  • Restore them.

Use ShadowExplorer

ShadowExplorer comes in handy if ransomware virus fails to delete Volume Shadow Copies (data copies that can be used to restore files if their original versions get deleted or corrupted). Here’s how you should use it:

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Flotera and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. It is a hassle when your website is protected from suspicious connections and unauthorized IP addresses.

The best solution for creating a tighter network could be a dedicated/fixed IP address. If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for server or network manager that need to monitor connections and activities. This is how you bypass some of the authentications factors and can remotely use your banking accounts without triggering suspicious with each login. 

VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world. It is better to clock the access to your website from different IP addresses. So you can keep the project safe and secure when you have the dedicated IP address VPN and protected access to the content management system.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions


  1. tuborg222 says:
    March 24th, 2017 at 8:59 am

    Polish ransomware developers are on fire, I see.

  2. Hudson says:
    March 24th, 2017 at 8:59 am

    oh yes they are. However, I doubt that their attempts to make money will be successful. Everybody knows about ransomware these days. Hardly someone pays the ransom. aint nobody got time for that…

  3. Wayfare says:
    March 24th, 2017 at 9:01 am

    Im sorry but I do not agree with you. Ransomware is on the rise and unfortunately statistics show that victims tend to pay the ransom! However, considering that the ransomware targets Polish people, there shouldnt be too many victims. Sadly, those ransomware crooks can try to make an english Flotera version anytime soon. Create your backups, guys.

  4. helpz says:
    March 24th, 2017 at 9:02 am

    I was infected but my antivirus doesnt detect vjworm, what should I do?! Help!

Your opinion regarding Flotera ransomware virus