Brickr Ransomware Removal Guide

Do you know what Brickr Ransomware is?

When Brickr Ransomware invades the targeted operating system, it quickly encrypts files in selected directories. Our research team has also found that this infection encrypts specific files that usually represent your personal photos and documents. At the time of research, no legitimate or free decryption tool was available, which meant that the only way to decrypt files was by following the instructions offered by the creator of the malicious ransomware. The problem is that there are absolutely no guarantees that a decryption tool would be provided to you if you followed these instructions. Despite this, some users might choose to take the risk because the ransom that is requested in return of a decryptor is only $55, which is extremely low compared to other infections that demand ransoms that are hundreds and thousands of dollars. Have you paid the ransom? Are you still thinking about it? Most important, have you considered the removal of Brickr Ransomware? Find answers to your questions in this report.

According to the latest information, the installer of Brickr Ransomware might be spread via corrupted spam emails. As you might know, most ransomware infections are spread using this security backdoor, and Haters Ransomware, Ctf Ransomware, and Blooper Ransomware are a few of them. As soon as the infection is in, it immediately encrypts the files found in %ALLUSERSPROFILE%\Microsoft, %WINDIR%, %PUBLIC%\Music, %PUBLIC%\Pictures, %USERPROFILE%\Desktop, and %USERPROFILE%\Documents directories. Some of the files that this infection targets include JPG, TXT, MP3, and ZIP. Once the files are encrypted, Brickr Ransomware opens a window entitled “File Informer.” Additionally, a TXT file called “READ_DECRYPT_FILES.txt” is created too. Both the window and the TXT file represent the same information that is meant to push you into paying a ransom of 55 USD. According to the ransom note, you need to transfer the money to 1F5yPatW4iwehcvYn7KSqqHs1NpWBHHMqV. The latest information shows that no one has transferred money to this Bitcoin Address yet.Brickr Ransomware Removal GuideBrickr Ransomware screenshot
Scroll down for full removal instructions

If you choose to pay the ransom, you supposedly need to confirm it by emailing cyber criminals at You are asked to send your ID number that is represented via the ransom note as well. After all this, you should be sent a decryption key that allegedly would allow you to “unlock” your personal files. Although the transaction might seem legitimate, our research team warns that cyber criminals are not to be trusted. It is far more likely that you would not hear from the creator of Brickr Ransomware ever again after you pay the ransom, than it is that your files would be decrypted. But, of course, you have to make the decision yourself. If your files are not backed up, and you really need them decrypted, it is likely that you will choose to pay the ransom.

Deciding what to do about your personal files is a complicated task. Once you figure that out, all you have to do is delete Brickr Ransomware, and that is fairly easy to do. Simply terminate a malicious process, delete the launcher, and erase a few RUN registries. If you have experience with such tasks, you will have no problem eliminating the ransomware. What if you are not experienced, and you do not think you can remove Brickr Ransomware manually? If that is the case, we strongly suggest installing anti-malware software. In fact, even if you are inexperienced, employing this software is important because you want to keep your operating system protected against infections in the future.

Remove Brickr Ransomware

  1. Launch Task Manager (tap Ctrl+Shift+Esc keys) and click the Processes tab.
  2. Identify the malicious {random name} process, right-click it, and select Open File Location (this is where the {random name}.exe launcher is).
  3. Go back to the Task Manager and End task/process.
  4. Go to the location of the launcher (might be %TEMP%, or Downloads and Desktop folders).
  5. Right-click the {random name}.exe launcher file and choose Delete.
  6. Empty Recycle Bin.
  7. Launch RUN (tap Win+R keys) and enter regedit.exe to launch Registry Editor.
  8. Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
  9. Right-click and Delete these values (first, check if they represent ransomware components):
    • WidnowsNetworkingSvc (should represent a malicious .exe file)
    • WidnowsNetworkingSvcn (should represent READ_DECRYPT_FILES.txt)

In non-techie terms:

You must realize that you need to delete Brickr Ransomware as soon as it encrypts your files and demands a ransom. While there are tons of infections that are hard to recognize or that conceal themselves, this one does not hide its true purpose, which is to make you pay a ransom. Paying it is not something we can recommend because the chances of you not getting anything in return are pretty high. If you want to take the risk, make sure you use a new email address so as not to provide cyber criminals with your personal one. In either case – whether or not you pay the ransom – removing the ransomware is crucial, and using anti-malware software is strongly recommended. Otherwise, you can use the manual removal guide above.