Felix Ransomware
The Felix Ransomware is a file-locking Trojan from the Crysis Ransomware (Dharma Ransomware) family. During infections, users may find media files that no longer open in their programs and see ransom messages, including pop-ups. Besides a properly secured backup for content recovery, appropriate measures include using anti-malware services to remove the Felix Ransomware entirely.
A Trojan Middleman Between Your Computer and Your Monitor
Since the prominent Ransomware-as-a-Service families are so streamlined, any significant change to payload behavior is a noteworthy event. For the Dharma Ransomware family, it comes in the form of the Felix Ransomware. While similar to its relatives in its attacks, the Felix Ransomware also adds changes in software interactions and ransoming platforms whose purpose is questionable.
The core loop of the Felix Ransomware is the same as always: the Windows Trojan searches for media files (examples include Word documents or GIF pictures, among dozens of other formats), securely encrypts them with AES, and inserts the victim ID, its e-mail address, and its extension into their names. The first change that's obvious to any victim comes in its HTA pop-up with the ransoming information. Although the template is standard, the Felix Ransomware switches e-mail providers to the encrypted CounterMail service.
The choice is a possible cross-referential joke, as much as a way of securing the threat actor's identity. The Felix Ransomware also accesses various Windows Performance Counter values in the Registry, modifying them for unclear reasons. Malware experts currently estimate that it's doing so to interfere with the Windows Performance Monitor's output, but other programs can also use the counter information.
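The renaming scheme described above (victim ID, contact e-mail and appended extension inserted into each file name) is what a responder sees first on a disk. The following script, added here as an illustration and not part of the original article or any vendor tooling, parses a directory listing for that pattern, groups the hits by e-mail address and extension, and recovers the original file names so they can be matched against a backup catalogue. The exact layout (`<name>.id-<8 hex>.[<e-mail>].<ext>`), the e-mail address and the `.felix` extension are assumptions for the sake of the example; the article does not spell them out.

```python
import re
from collections import Counter

# Assumed layout for a Dharma/Crysis-style renamed file (not stated exactly on the page):
#   <original name>.id-<8 hex digits>.[<contact e-mail>].<appended extension>
DHARMA_NAME_RE = re.compile(
    r"^(?P<original>.+?)"
    r"\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]"
    r"\.(?P<ext>[A-Za-z0-9]+)$"
)


def parse_ransomed_name(filename):
    """Return the original name, victim ID, e-mail and extension embedded in a
    Dharma-style file name, or None when the name does not follow the pattern."""
    match = DHARMA_NAME_RE.match(filename)
    return match.groupdict() if match else None


def triage_listing(filenames):
    """Summarise a directory listing for incident triage and backup restoration:
    which files were renamed, which were left alone, which contact e-mails,
    extensions and victim IDs appear, and the original name behind each hit."""
    hits = []
    untouched = []
    for name in filenames:
        parsed = parse_ransomed_name(name)
        if parsed is None:
            untouched.append(name)
        else:
            hits.append((name, parsed))
    return {
        "ransomed_files": [name for name, _ in hits],
        "untouched_files": untouched,
        # Original names are what you look up in the backup catalogue.
        "restore_map": {name: parsed["original"] for name, parsed in hits},
        "emails": Counter(parsed["email"] for _, parsed in hits),
        "extensions": Counter(parsed["ext"] for _, parsed in hits),
        "victim_ids": sorted({parsed["victim_id"] for _, parsed in hits}),
    }


# Constructed sample listing; the ID, e-mail address and ".felix" extension are placeholders.
SAMPLE_LISTING = [
    "report.docx.id-1A2B3C4D.[contact@example.invalid].felix",
    "holiday.gif.id-1A2B3C4D.[contact@example.invalid].felix",
    "budget.xlsx",
    "readme.txt",
]

if __name__ == "__main__":
    summary = triage_listing(SAMPLE_LISTING)
    print(f"{len(summary['ransomed_files'])} renamed, "
          f"{len(summary['untouched_files'])} untouched")
    print("victim IDs:", summary["victim_ids"])
    print("contact e-mails:", dict(summary["emails"]))
    print("appended extensions:", dict(summary["extensions"]))
    for ransomed, original in summary["restore_map"].items():
        print(f"  {ransomed} -> restore {original} from backup")
```

Run it over `os.listdir()` output from an affected share instead of `SAMPLE_LISTING`; a single victim ID across every hit is the normal case, while several IDs or e-mail addresses on one volume usually means more than one infection or campaign touched it.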
Clearing Your Monitoring Experience of Unwanted Values
The Felix Ransomware's insertion of DWORD (double word) values into Registry entries marks a hitherto unseen and concerning case of the Trojan's family extending its application-interfering features. Despite this upgrade, malware researchers find its fundamentals almost no different from more conventional relatives like the 0day0 Ransomware, the Bmtf Ransomware, the GNS Ransomware or the R3f5s Ransomware. Users without backups are at the most risk from the Felix Ransomware's damage to their files, and local, default options like the Restore Points may be inadequate solutions.
Any Windows user can create backups on offsite drives that provide restoration options without paying the Felix Ransomware's ransom, which is a risky way of obtaining a theoretically working decryptor. Infections can be prevented in many ways, including avoiding torrents, turning off Flash and JavaScript, and scanning e-mail attachments before opening them. In server environments, malware experts also recommend controlling software versions strictly and, in particular, using secure passwords for admin accounts.
Despite its changes elsewhere, for obfuscating itself, this Trojan has no notable improvements. Trustworthy Windows anti-malware programs should detect and remove the Felix Ransomware on sight.
It's too soon to tell whether the Felix Ransomware's changes are the start of a new branch in the Crysis Ransomware gang or a temporary deviation. In either event, it's a threat that makes its way in a world that, unhappily, is full of victims without backups.