
Files Fixer Ransomware

Posted: December 8, 2020

The Files Fixer Ransomware is a file-locking Trojan and a variant of the Xorist Ransomware, a freely-available programming resource. After locking the user's files with encryption and adding warnings onto their extensions, the Files Fixer Ransomware delivers a ransom demand in a Notepad message. Users can recover through freeware decryption tools or their private backups and can use a dedicated Windows security solution to delete the Files Fixer Ransomware.

Speculating on the Price of a Rigged File Fixer-Upper

The days when a threat actor needed personal programming experience to run a pet Trojan campaign are long gone, although knowledge and expertise are still certain benefits. 'Prepackaged' Trojan kits like the Xorist Ransomware are a years-strong mainstay in the threat landscape, as this family shows with variants like the AAC Ransomware and the Xorist-Frozen Ransomware, up to 2020's Duluth Ransomware, the ZaLtOn Ransomware, and the Files Fixer Ransomware. The last Trojan in question is a particularly novel incident that dispenses with several of the file-extortion business's norms.

The Files Fixer Ransomware is compatible with most Windows environments, including Windows 10, and wields a primary feature of file encryption – with which it blocks documents, pictures, and other media on the PC from opening. Although adding an extension is a tradition amongst file-locker Trojans, the Files Fixer Ransomware includes this enhancement with an unusual, full-length sentence ('FIXME-DAMAGEDFILES-NEED-TO-CONTACT-THE-EMAIL- URGENTLY-OR-YOUR-FILES-WILL-BE-PERMANENTLY-DELETED'). A separate ransom note advertises the threat actor's file recovery service, oddly, as the out-of-date 'Files Fixer 2017.' It gives no price for the ransom.

Malware experts point out that the Files Fixer Ransomware isn't three years old; in fact, the first known samples date back no farther than December of 2020. The first Xorist Ransomware project, for its part, is even older than the date that this Trojan advertises, which raises the question of what 2017 signifies, if anything.

Fixing Up Trojan-Based File Problems

Paying a ransom to a notably-unprofessional threat actor might or might not help any given victim with unlocking their files. Besides the risks of doing so, malware experts also point to most Xorist Ransomware variants being compatible with Emsisoft's totally-free decryptor to restore any affected media. However, this solution isn't practical for most Trojans of the Files Fixer Ransomware's classification, and all users should have backups in secure, remote storage, regardless.
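To scope a restore from backups as discussed above, the following added example (not from the original article) inventories files carrying the appended extension and lists the original names to recover. The matching rule ignores case and whitespace on the assumption that the space in the extension as printed is a rendering artifact; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Extension quoted in the article. Assumption: the space in the page's
# rendering is a line-wrap artifact, so matching ignores whitespace and case.
MARKER = ("FIXME-DAMAGEDFILES-NEED-TO-CONTACT-THE-EMAIL-"
          "URGENTLY-OR-YOUR-FILES-WILL-BE-PERMANENTLY-DELETED")


def split_marker(filename):
    """Return the original name if filename ends with '.<MARKER>', else None."""
    stem, dot, suffix = filename.rpartition(".")
    if not dot or not stem or "".join(suffix.split()).upper() != MARKER:
        return None
    return stem


def inventory(root):
    """Walk root; return (sorted original paths, counts per original extension)."""
    restore, by_ext = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            original = split_marker(name)
            if original is None:
                continue  # file does not carry the marker extension
            rel = os.path.relpath(os.path.join(dirpath, original), root)
            restore.append(rel)
            by_ext[os.path.splitext(original)[1].lower() or "(none)"] += 1
    return sorted(restore), by_ext


def demo():
    """Build a constructed sample tree (empty files) and inventory it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        samples = ["docs/report.docx." + MARKER,
                   "docs/budget.xlsx." + MARKER.lower(),
                   "photo.jpg." + MARKER,
                   "docs/untouched.txt"]
        for rel in samples:
            open(os.path.join(root, *rel.split("/")), "w").close()
        return inventory(root)


if __name__ == "__main__":
    paths, counts = demo()
    print(len(paths), "files to restore:", paths, dict(counts))
```

The returned path list can be compared against a backup catalog to confirm that every affected file has a clean copy before the system is cleaned and restored.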

The Files Fixer Ransomware's installer uses the name of 'fixme,' which might speak to its being a fake version of remote administration software. Users can improve their safety by avoiding illegal or unofficial downloads for any programs, scanning new files before opening them, and undertaking general-purpose precautions like having strong passwords that block attackers from accessing any accounts. The Files Fixer Ransomware can block files on most Windows systems; it's more likely to target business entities for profitability purposes but can harm home PCs' media.

Professional anti-malware services will block most Xorist Ransomware offshoots automatically. Malware experts confirm that this effectiveness also holds for this new version, and any users removing the Files Fixer Ransomware can depend on traditional security products to do so.

The Files Fixer Ransomware is an enthusiastic but vague self-marketer. As in more ordinary cases of suspicious capitalism, PC owners should beware of salespeople offering mysterious goods, especially at digital knife-point.
