Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

FlatChestWare Ransomware

If you clicked the Restart now button in a Windows Update window before discovering your files encrypted, you must have FlatChestWare Ransomware on your computer, because this threat is one of the few ransomware infections that open a fake “Restart your computer to finish installing important updates” window on users’ screens. Clicking this button does not reboot the PC. Instead, it starts the encryption of files, after which users find the main ransomware window open on the Desktop. FlatChestWare Ransomware is a new threat based on HiddenTear, an open-source ransomware engine, and it is clear that its only goal is to obtain money from users. Do not give cyber criminals what they want, i.e., your money, no matter how badly you need to get your personal data decrypted, because you might not be given anything. We cannot promise that you could decrypt your files without the special decryptor because ransomware infections use strong encryption algorithms so as not to leave users the tiniest chance of decrypting files without purchasing the decryptor their authors claim to have. However, we know one thing for sure: you cannot keep this ransomware infection installed on your computer because it has a point of execution in HKCU\Software\Microsoft\Windows\CurrentVersion\Run, which allows it to continue working even if a user restarts the computer. This means that your new files will be in danger if you do nothing to eliminate this threat from your computer today.

As you already know, FlatChestWare Ransomware starts working when a user clicks the Restart now button. The first activity this threat performs on the victim’s computer is the encryption of files. These files get a new extension, .flat, appended, and they can no longer be opened, so it soon becomes clear that a malicious application has successfully entered the system. Of course, the ransomware infection itself also tells users what has happened to their files. It opens a window with a message on the Desktop, which says that all personal files, including photos, videos, downloads, and documents, have been locked. Users are also told that they can recover those files only by paying for the decryption service. A smaller window opened on the screen provides more information about the payment users have to make to get files decrypted: they have to pay $150 in Bitcoins to the provided BTC address and then click the Verify Payment button on the main ransomware window. Since you have no guarantee that files will be unlocked for you when you make a payment, you should not send a cent to the author of FlatChestWare Ransomware. It would be smarter to restore the encrypted data from a backup instead. If this threat has not removed the so-called Shadow Volume Copies of files, there is a slight possibility that some free data recovery tools could restore some of your files too, so if we were you, we would also try out all reliable tools available on the market. Do not have high hopes that you will get your files decrypted, though.

We cannot say anything new about the distribution of FlatChestWare Ransomware because it is spread just like older ransomware infections. That is, it is usually distributed as an attachment in spam emails. Security specialists at say that it can also easily enter computers due to weak RDP credentials. When FlatChestWare Ransomware is launched, it displays a fake Windows Update window on users’ screens and then starts working in full swing if they click the Restart now button. This is actually quite unusual because only a small number of ransomware-type infections act like this. The chances are high that you will end up with malware on your computer again if you do nothing to protect your system today because there are much sneakier infections out there. We do not expect you to prevent malware from entering your system alone; we recommend that you enable security software on your computer.

FlatChestWare Ransomware does not drop any files on compromised machines. It only creates a new entry in the Run registry key so that it can start again after every system restart and continue working. Our instructions (you can find them below this article) will help you to fix this, but if you are a busy person or simply want to make sure that no active malicious components are left on your PC, we would recommend erasing it automatically. Acquire a reputable scanner and launch it; these are the only two tasks you have to take on.

Delete FlatChestWare Ransomware

  1. Tap Win+R, type regedit.exe, and click OK to launch Registry Editor.
  2. Move to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
  3. Locate the Microsoft Update value.
  4. Delete it (select it and press Delete).
  5. Close Registry Editor and tap Win+E to open Explorer.
  6. Erase recently downloaded suspicious files (they should be located in the %USERPROFILE%\Desktop and %USERPROFILE%\Downloads directories).
  7. Empty Recycle bin.
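
The registry steps above can also be checked from PowerShell. The script below is an added example, not part of the original article or of any vendor tool: it lists the per-user Run key, flags the Microsoft Update value named in step 3, and counts files with the .flat extension under the user profile. The `-Remove` switch and the function name are assumptions made for this example; without the switch the script only reports.

```powershell
# Added example: audit the per-user Run key for the value named in the removal
# steps and gauge how many files carry the .flat extension. Report-only by default.
param(
    [switch]$Remove   # assumption: opt-in switch; nothing is deleted without it
)

$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'Microsoft Update'   # value name given in step 3 of the article

# Hypothetical helper: return every autorun value with its raw (unexpanded) command.
function Get-RunEntries {
    param([string]$Path)
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Name    = $name
            Command = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        }
    }
}

# Show all autorun entries so unrelated suspicious values are visible too.
$entries = @(Get-RunEntries -Path $runKey)
$entries | Format-Table -AutoSize -Wrap

$suspect = $entries | Where-Object { $_.Name -eq $valueName }
if ($suspect) {
    # Record the command line first: it shows which file the value launches.
    Write-Warning "Run value '$valueName' found: $($suspect.Command)"
    if ($Remove) {
        Remove-ItemProperty -LiteralPath $runKey -Name $valueName -ErrorAction Stop
        Write-Output "Removed '$valueName' from $runKey."
    }
} else {
    Write-Output "No '$valueName' value under $runKey."
}

# Count .flat files to estimate how much has to be restored from backup.
$flat = Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Filter '*.flat' `
            -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.flat' }
Write-Output ("{0} file(s) with the .flat extension under {1}" -f @($flat).Count, $env:USERPROFILE)
```

Run it once without `-Remove` to note the command line stored in the value, since that path identifies the file to erase in step 6.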