FileFrozr Ransomware
Posted: April 3, 2017
Threat Metric
The Threat Meter fields that carry a specific value are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criterion for the Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, shown as an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 9 |
| First Seen: | April 3, 2017 |
| OS(es) Affected: | Windows |
The FileFrozr Ransomware is a Trojan that can encrypt your files with a cipher so that only the holder of its decryption key can unlock them. Its attacks enable the same file-ransoming strategy seen in previous attacks of this type, which one can defeat most easily by backing your files up to a location the Trojan can't encrypt. Competent anti-malware protection also could delete the FileFrozr Ransomware before it finishes encrypting the contents of your hard drive.
A Chilly Spring for Someone's PC
The nature of the Ransomware-as-a-Service industry means that much of a Trojan's development work is front-loaded by the original threat actor, who then passes the final work of distribution to others and profits from their campaigns indefinitely. This model can result in a single Trojan like the FileFrozr Ransomware quickly splitting into numerous variants with subtle modifications made by other people interested in encrypting your files for money. At the moment, the FileFrozr Ransomware appears to be only in its self-marketing phase, but malware experts anticipate deployment in the coming weeks of April.
The FileFrozr Ransomware uses a double-layered AES and RSA encryption method to lock the victim's files, an attack that, by now, is archetypal among file-encrypting threats. It may block over two hundred separate data formats (selected by their extensions, such as '.DOC' or '.TXT'). While its author claims to be working on adding other features, malware analysts can only confirm the following ones in current releases of the FileFrozr Ransomware:
- The FileFrozr Ransomware uses original code not affiliated with past threat families, to better disguise itself from anti-malware databases. Additional server-side code obfuscation is also available.
- The Trojan also includes a built-in Bitcoin panel for receiving payments from its victims, so the threat actor acting as admin does not need to set up an independent server. As usual, the author relies on Tor's anonymity features to protect the website.
- The FileFrozr Ransomware includes multi-threading features to use different processors, depending on the phase of operation.
- The original author also claims that the FileFrozr Ransomware can evade detection by current versions of some specific brands of anti-malware products.
Thawing Your Files out of an Icy Situation
Currently, the FileFrozr Ransomware requires Internet connectivity to finish its payload. However, its author has announced his intention to update the Trojan with an offline version, along with such potential features as text-to-speech, new encryption ciphers, and a Windows UAC bypass. Even if he fails to honor these promises, the version of the FileFrozr Ransomware that malware experts are seeing is a fully functioning threat, capable of permanently encrypting various data types on your PC.
The FileFrozr Ransomware's author sells this product to other people, who may distribute it in whatever fashion they prefer. While not all of its possible infection vectors are predictable, malware experts often find attacks of this type exploiting spam e-mails, exposed Remote Desktop settings, and inadequately protected passwords. In other cases, other threats, like the RIG Exploit Kit, could install the FileFrozr Ransomware without your consent after your browser loads a hacked website.
Removing the FileFrozr Ransomware and other Trojans like it, while essential to regaining a baseline of security on your PC, does nothing to undo its encryption attacks. Continue maintaining your backup strategy to keep variants of this threat from profiting off your files in the coldest of ways.
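The backup advice above only pays off if you can tell, quickly, which files a file-encrypting Trojan has touched and whether the copy you restore from is still intact. The script below is an added example, not code from the article or from the vendor: it records a manifest (size and SHA-256 per file) of a directory, and on a later run reports files that are missing, files whose content changed, and, among the changed ones, files whose bytes now look like ciphertext by a simple Shannon-entropy test. The 7.0 bits-per-byte threshold, the function names and the sample data are all constructed for the example.

```python
"""Added example, not code from the original article or from the vendor: take a
content manifest of a directory and verify it later, reporting files that are
missing or changed, and flagging changed files whose content now looks like
ciphertext. The entropy threshold and the sample data are constructed."""
import hashlib
import math
import os
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.0  # bits per byte; assumed cut-off for "looks encrypted"


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data):
    """Entropy in bits per byte; uniformly random bytes approach 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def build_manifest(root):
    """Map each file path relative to root to its size and SHA-256."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = {
                "size": os.path.getsize(full),
                "sha256": sha256_of(full),
            }
    return manifest


def verify_manifest(root, manifest):
    """Compare root against manifest; return sorted lists of missing, changed
    and suspicious (changed and high-entropy) relative paths."""
    report = {"missing": [], "changed": [], "suspicious": []}
    for rel, expected in sorted(manifest.items()):
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            report["missing"].append(rel)
            continue
        if sha256_of(full) == expected["sha256"]:
            continue
        report["changed"].append(rel)
        with open(full, "rb") as f:
            sample = f.read(1 << 20)  # the first MiB is enough for a hint
        if shannon_entropy(sample) > ENTROPY_THRESHOLD:
            report["suspicious"].append(rel)
    return report


def demo_scenario():
    """Constructed walk-through: snapshot a text file, verify (clean), overwrite
    it with ciphertext-like bytes (changed + suspicious), delete it (missing)."""
    with tempfile.TemporaryDirectory() as root:
        doc = os.path.join(root, "report.txt")
        with open(doc, "w") as f:
            f.write("quarterly numbers\n" * 200)
        manifest = build_manifest(root)
        clean = verify_manifest(root, manifest)
        with open(doc, "wb") as f:
            f.write(bytes(range(256)) * 16)  # stands in for encrypted output
        encrypted = verify_manifest(root, manifest)
        os.remove(doc)
        missing = verify_manifest(root, manifest)
    return clean, encrypted, missing


if __name__ == "__main__":
    for label, rep in zip(("clean", "after overwrite", "after delete"), demo_scenario()):
        print(label, rep)
```

Keep the manifest itself on the offline backup medium rather than on the protected host, otherwise a Trojan that encrypts the directory can encrypt the record of what the directory used to contain as well. The entropy hint is deliberately conservative: compressed archives and media files are also high-entropy, so a "suspicious" hit means "changed and now opaque", not proof of encryption.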
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

File name: file.exe
Size: 294.54 KB (294540 bytes)
MD5: 25abae5e16daf9795952e0195f7c7f7b
Detection count: 22
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 10, 2017
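The size and MD5 listed above are the kind of indicator a responder sweeps a disk for after an incident. The script below is an added example, not the vendor's tooling: it walks a directory tree and reports files matching any size-and-MD5 indicator in a list, comparing size first so that only candidates are hashed. The indicator values are the ones published above; the dictionary layout, the function names and the sample files in the demo are this example's own assumptions. MD5 is used only because that is the published indicator, not because it is collision-resistant.

```python
"""Added example, not the vendor's own tooling: sweep a directory tree for
files that match a published size-and-MD5 indicator. Size is checked first
so hashing is only done for candidates; MD5 is used because that is the
indicator published above, not because it is collision-resistant."""
import hashlib
import os
import tempfile

# Indicator taken from the article above; the dict layout is this example's own.
FILEFROZR_IOC = {"size": 294540, "md5": "25abae5e16daf9795952e0195f7c7f7b"}


def md5_of(path):
    """Stream a file through MD5 and return the lowercase hex digest."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_for_iocs(root, iocs):
    """Return sorted paths (relative to root) of files matching any indicator."""
    by_size = {}
    for ioc in iocs:
        by_size.setdefault(ioc["size"], set()).add(ioc["md5"].lower())
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(full)
            except OSError:  # unreadable or vanished file; skip it
                continue
            if size in by_size and md5_of(full) in by_size[size]:
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def ioc_for_bytes(data):
    """Build an indicator dict of the same shape from sample content."""
    return {"size": len(data), "md5": hashlib.md5(data).hexdigest()}


def demo_scan():
    """Constructed walk-through: two harmless files, one of which is also
    registered as an indicator; returns (hits for the constructed IoC,
    hits for the published FileFrozr IoC)."""
    sample = b"constructed sample content, not malware\n" * 10
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "sub"))
        with open(os.path.join(root, "sub", "match.bin"), "wb") as f:
            f.write(sample)
        with open(os.path.join(root, "other.txt"), "w") as f:
            f.write("nothing to see here\n")
        constructed_hits = scan_for_iocs(root, [ioc_for_bytes(sample)])
        published_hits = scan_for_iocs(root, [FILEFROZR_IOC])
    return constructed_hits, published_hits


if __name__ == "__main__":
    constructed, published = demo_scan()
    print("constructed IoC hits:", constructed)
    print("published IoC hits:", published)
```

A hash indicator only catches the exact build it was taken from; the article notes that the author offers server-side obfuscation and that affiliates produce variants, so treat a clean sweep as "this sample is absent", not as "the system is clean", and pair it with the backup verification and anti-malware scanning the article recommends.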