EFDC Ransomware Encrypted File
3.3 | 3 Votes
What is an EFDC file?
In September 2021, some PC users began reporting their computers had been infected by a new variant of STOP ransomware. This variant encrypts users' files and appends them with the .efdc extension. The ransomware then produces a plain text ransom note named _readme.txt in every folder that contains an infected file. The note contains instructions users are meant to follow to decrypt their files.
How did my computer get infected by EFDC ransomware?
EFDC ransomware is most commonly distributed in programs that appear to be legitimate but are actually adware and malware bundles. If you recently downloaded and installed an unverified program, that may be how EFDC ransomware infected your computer.
NOTE: To learn more about STOP ransomware and its variants, refer to the .STOP entry.
How to open an EFDC file
Because EFDC files are encrypted, you cannot open them. Additionally, because EFDC files are encrypted using an online private key, there is no way to decrypt them.
If your computer has been infected by EFDC ransomware, the best option to restore your files to their original state is likely to perform a System Restore. Note that performing a System Restore will cause you to lose any data created in the interval between now and your last restore point. So, you may want to back up any data and files created since your last restore point.
FileInfo.com recommends you never pay a ransom to decrypt files encrypted by ransomware. Paying a ransom encourages ransomware distributors to continue their efforts, and there is no guarantee that paying a ransom will give you access to your files. Instead, you should restore your data from a recent backup created before the ransomware infected your computer.