FlatChestWare Ransomware Removal Guide

Do you know what FlatChestWare Ransomware is?

The Hidden Tear family is growing, and FlatChestWare Ransomware is one of the latest threats to join it. All infections from this family were created using the same code that a self-proclaimed virtual security enthusiast, Utku Sen, created several years ago. Although he is the creator of the original code, he is not responsible for the development of hundreds of malicious ransomware infections that we have reported on our website. Some of the latest ones include Explorer Ransomware, HUSTONWEHAVEAPROBLEM Ransomware, and BrainLag Ransomware. It is unknown who stands behind these threats, but the chances are that different parties are involved. According to the latest information our research team has gathered, this malware usually spreads with the help of corrupted spam emails or using RDC exploits. Unfortunately, the infection is silent, and it is likely to invade operating systems without the knowledge of their users. That, of course, means that these users usually fail to remove FlatChestWare Ransomware before it initiates the encryption of files. In most cases, victims discover the threat only when the deed is done.

When FlatChestWare Ransomware slithers into your operating system, it immediately creates a point of execution in HKCU\Software\Microsoft\Windows\CurrentVersion\RUN. It does not create any files, and the PoE helps execute the threat when the PC is restarted. Immediately after execution, the threat launches a fake “Windows Update” notification that suggests that you need to restart the PC to install updates. If you click the “Restart now” button, the computer is not restarted normally. Instead, a window represented by the malicious ransomware appears. This window displays a message that informs you that your photos, videos, downloads, documents, and other personal files are encrypted. It also warns that any attempts to delete FlatChestWare Ransomware could cause damage to the files. You are pushed to pay a ransom to 1PFms6LMmamjPE3VCFB83Yfa5TaoDdsjrB as that, allegedly, is the only way for you to recover your files. If you click the “Help” button shown at the bottom of the ransom note, you are introduced to the ransom, which is 150 USD. At the time of research, the Bitcoin Wallet used for the collection of ransoms was empty, which means that no one has been forced into paying the ransom yet.

When files are encrypted by the malicious FlatChestWare Ransomware, they get the “.flat” extension. All files with this extension are unreadable, and the extension is added only so that you do not need to look through all files to see which ones were compromised. Unfortunately, this ransomware is not one of those threats that are unable to encrypt data. The encryption is real. What does that mean? That means that your files might be permanently lost. In some cases, legitimate decryptors become available, but that happens in very rare cases. Obviously, if you have no way of recovering your files, we suggest storing them – instead of deleting them – just in case a decryptor is created. What about the ransom? Although the creator of FlatChestWare Ransomware wants you to believe that your files would be decrypted if you paid the ransom, that is highly unlikely to happen. Obviously, we do not recommend paying the ransom.

If you refer to the instructions below, you should delete FlatChestWare Ransomware from your Windows operating system in no time. Unfortunately, you cannot recover your files by eliminating this threat. In fact, recovery might not be possible at all. What if you fail to eliminate the threat manually? That is not a problem because you have one more option, which is installing anti-malware software. This software is designed to automatically uncover and remove existing threats, and we strongly recommend installing it.

Remove FlatChestWare Ransomware

  1. Launch RUN by simultaneously tapping keys Win+R.
  2. Enter regedit.exe and click OK to launch Registry Editor.
  3. Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\RUN.
  4. Open the value named Microsoft Update and copy the location of the malicious launcher.
  5. Delete the value and exit Registry Editor.
  6. Launch Explorer by simultaneously tapping keys Win+E.
  7. Paste the location of the malicious launcher into the bar at the top.
  8. Right-click the file, select Delete, and then Empty Recycle Bin.
  9. Install a trustworthy malware scanner to check for any malicious leftovers.
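
The registry and file steps above (3 to 8), scripted in PowerShell as an added example that is not part of the original guide. The function name Remove-RunLauncher is hypothetical, and printing the SHA-256 hash and stopping the running process are additions to the guide's steps; run it as the affected user, since the value lives under HKCU.

```powershell
function Remove-RunLauncher {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$RunKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        [string]$ValueName = 'Microsoft Update'   # value name given in the guide
    )

    # Steps 3-4: read the Run value and recover the launcher location from it.
    $entry = Get-ItemProperty -Path $RunKey -Name $ValueName -ErrorAction SilentlyContinue
    if (-not $entry) {
        Write-Output "No '$ValueName' value under $RunKey."
        return
    }
    $command = [Environment]::ExpandEnvironmentVariables($entry.$ValueName)

    # A Run value can be a quoted path, a path followed by arguments, or a bare path.
    if     ($command -match '^\s*"([^"]+)"')    { $launcher = $Matches[1] }
    elseif ($command -match '^\s*(.+?\.exe)\b') { $launcher = $Matches[1] }
    else                                        { $launcher = $command.Trim() }
    Write-Output "Run value command: $command"

    # Step 5: delete the autostart value.
    Remove-ItemProperty -Path $RunKey -Name $ValueName

    # Steps 6-8: delete the launcher itself.
    if (Test-Path -LiteralPath $launcher -PathType Leaf) {
        # Addition to the guide: record the hash so the sample can be identified later.
        $hash = (Get-FileHash -LiteralPath $launcher -Algorithm SHA256).Hash
        Write-Output "Launcher: $launcher (SHA256 $hash)"
        # Addition to the guide: a running launcher cannot be deleted, so stop it first.
        Get-Process | Where-Object { $_.Path -eq $launcher } | Stop-Process -Force
        Remove-Item -LiteralPath $launcher -Force
    } else {
        Write-Output "Launcher not found on disk: $launcher"
    }
}

# Dry run first; drop -WhatIf to apply the changes.
Remove-RunLauncher -WhatIf
```

With -WhatIf the registry and file cmdlets only report what they would change, so the parsed launcher path can be checked before anything is deleted.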

In non-techie terms:

When FlatChestWare Ransomware invades the targeted operating system, it tries to hide itself using a bogus Windows Update notification. If the user is tricked into clicking the Restart button shown in it, they are then introduced to a notification suggesting that the only thing the victim can do is pay the ransom of $150. Even if that is the only option, paying the ransom is very risky because cyber criminals are unlikely to give you anything in return. That means that you might lose your files and your money. If you have backups, you do not need to worry about anything. If backups do not exist, you need to make sure that you start backing files up once you delete FlatChestWare Ransomware. We suggest doing that with the help of anti-malware software, but you might be able to erase this malware using the guide above as well.