FOUR is a type of malware from cryptovirology that is designed to encrypt either personal files or the entire computer. The attackers use such types of ransomware-viruses to prevent victims from accessing their important files or computer and demand a ransom payment in Bitcoin cryptocurrency for a decryption toolkit. If you don’t know what to do in case of a ransomware infection, you will be glad you found this post.
Read this guide till the end to not only find out how to remove FOUR ransomware but to learn what you must do to prevent it in the future.
What is FOUR Ransomware?
FOUR is the name of a malicious program which is categorized as a high-risk ransomware-type virus. It is a new variant of the notorious Dharma ransomware family. Following successful infiltration, FOUR locks all major types of files (e.g., images, archives, backup, videos, work documents, etc.) found on the victim’s computer using asymmetric encryption.
In addition, this file-locker virus renames files by appending “.[lizardcrypt@msgsafe.io].four” extension to their filenames. For example, a file originally named “1.mp3” becomes “1.mp3.[lizardcrypt@msgsafe.io].four” after encryption.
Once this encryption process is finished, FOUR creates a “MANUAL.txt” file (ransom note) and places it on the victim’s desktop as a pop-up window.
The text file contains contact details (such as the email address of the four ransomware developers) and payment details (such as the price of the decryption key).
We strongly recommend not to pay ransom money to the hackers because there’s no guarantee that they will send a decryption key after receiving the ransom payment.
FOUR Ransomware: Distribution Techniques
Here are some of the common techniques that cybercriminals use to deploy ransomware-type infections to the targeted systems.
- Spam and phishing
- Exploit Kits
- Software cracking
- Pornographic sites
- Peer-to-Peer file-sharing networks (e.g., torrent clients)
- Flaws of unpatched programs and operating systems
- Social clickjacking
How to Remove FOUR Ransomware from a computer?
To remove FOUR ransomware and other harmful infections, we recommend performing an automatic scan with a trusted and reliable anti-malware software on the compromised system.
In addition, users are suggested to follow the below-mentioned internet security tips to improve defenses against all sorts of cyber-attacks.
- Do not open an email attachment from someone you don’t know.
- Keep your OS and installed applications up-to-date.
- Backup your most valuable files/ folders to external storage devices.
- Avoid downloading/installing software from suspicious third-party sites.
