Foqe Ransomware Removal Guide

Do you know what Foqe Ransomware is?

If Foqe Ransomware has invaded your Windows operating system, you probably know exactly what kind of a threat it is. That is because it does not conceal itself completely. At first, it runs silently, but only until all of your personal files are encrypted. After that, you are bound to discover this infection because it adds the “.foqe” extension to the corrupted files as a marker, and it also drops a file named “_readme.txt.” What do you do when you see a file with a name like that? Of course, you are likely to open and read the text inside it. Luckily, in this case, that is safe to do. Unfortunately, if you have discovered encrypted files and the text file, it does not look like you can fix the situation by removing Foqe Ransomware. That said, this is malware, and you must delete it as soon as possible.

There is no doubt that Foqe Ransomware was created using the code of STOP Ransomware. This code has been used by hundreds of infections already, and it looks that the Foqe variant is completely identical to some of the more recent ones, including Mmpa Ransomware, Efji Ransomware, or Kasp Ransomware. Of course, their names are different, but that is because the extensions that these infections attach to the corrupted files are different. Other than that, there aren’t any significant differences. They might be introduced to Windows users in the same ways too. You are most likely to face Foqe Ransomware and its clones via spam emails and downloaders, and so if you want to keep your system clean, we suggest being extra cautious when opening files and links attached to emails, as well as picking carefully which installers and downloaders can be trusted.Foqe Ransomware Removal GuideFoqe Ransomware screenshot
Scroll down for full removal instructions

Obviously, if Foqe Ransomware manages to slither in silently, it also can encrypt files. That would not be possible if trustworthy security software was installed to guard your operating system. That is something to keep in mind. The infection has two main tasks, which are to encrypt files and to deliver a ransom note, which, of course, is delivered using the “_readme.txt” file. The message claims that your important files were encrypted and that you can rely on the attackers to provide you with a decryptor. First of all, you cannot rely on the attackers, and you must remember that they can promise you anything to get your money. In this instance, a ransom of $490 is requested, and before you pay it, you are also instructed to email or These email addresses have been attached to the ransom notes of the clones of Foqe Ransomware as well.

Although you are unlikely to obtain the decryptor from cybercriminals – which is why we do not recommend paying the ransom – you might be able to decrypt the files using ‘STOP Decryptor.’ This tool is legitimate, and you can download it for free. Unfortunately, it cannot guarantee full decryption. You also might be able to replace the files using copies stored in backup. This is the ideal solution. In any case, you must delete Foqe Ransomware. Our guide below might help some Windows users remove the threat manually, but we believe that, in this situation, installing anti-malware software is best. This software can instantly remove Foqe Ransomware components, and it can reinstate Windows security to ensure that you are safe in the future. If you care about your security, this is the option to consider.

Remove Foqe Ransomware

  1. Access File Explorer (tap Win+E keys) and enter %HOMEDRIVE% into the quick access field.
  2. Right-click and Delete the file called _readme.txt and also the folder called SystemID.
  3. Enter %LOCALAPPDATA% into the quick access field.
  4. Right-click and Delete the folder with a unique name. Format is 0115174b-bd55-4caf-a89a-d8ff8132151f.
  5. Empty Recycle Bin and then use a reliable malware scanner to inspect the system for leftovers.

In non-techie terms:

If you are in an unfortunate situation of having to deal with Foqe Ransomware, you might be considering the solution introduced by cybercriminals. They want you to believe that they can provide you with a decryptor that will instantly restore all corrupted files. Unfortunately, trusting cybercriminals is unlikely to bring you any relief, and so we do not recommend contacting them and paying the ransom. We hope that you can rely on your own backups or a free decryptor to replace or restore your personal files. Before you do that, you must delete Foqe Ransomware, and even though it is possible to eliminate this malware manually, we strongly recommend implementing anti-malware software. The sooner you do it, the safer your system will be, and, on top of that, you will not need to worry about the removal of malware yourself.