
FORMA Ransomware

Posted: December 12, 2018

The FORMA Ransomware is a variant of Hidden Tear, a pseudo-open source, file-locking Trojan. Its attacks encrypt your files so that they will not open and display ransoming messages, such as text files and screen-blocking pop-ups. Ignore any ransoming demands for the decryptor and have an appropriate anti-malware program remove the FORMA Ransomware before using free recovery options for your data.

Poland's Next Trojan Problem is Unhidden

Hidden Tear, the Turkish project that began as an educational programming lesson and has since been hijacked for a series of harmful campaigns, is showing more relatives in the last month of the year. The FORMA Ransomware is not very different from other HT variants like the ABANTES Ransomware, the Assembly Ransomware, the Epoblockl Ransomware or the XeroWare Ransomware. However, it does boast at least two characteristics that malware experts don't always see in this family: a screen blocker and a nationality-specific ransom note.

The FORMA Ransomware uses an AES algorithm for encrypting and locking the files, which is the standard across nearly all versions of Utku Sen's Hidden Tear. Initial samples also display visible CMD prompts during startup, which implies that the Trojan is still in development. On the other hand, the encryption feature works in full: it successfully blocks media like Word documents, Excel spreadsheets or JPG pictures and adds the '.locked' extension to their names.

The ransoming message is the FORMA Ransomware's only semi-unusual aspect: malware experts see it in a format that's not a default for Hidden Tear variants. The FORMA Ransomware covers the entire screen with an advanced Web page-based window that conveys ransoming information, but only in Polish. It gives the victim a deadline for paying for the decryptor and an e-mail address for negotiating, although free decryption services from members of the cyber-security industry should be available for any users who require them.

Breaking Out of the Form of Media Vulnerability

Multiple sources active in the AV industry are providing help with unlocking solutions that are specific to the FORMA Ransomware and, as a version of Hidden Tear, it should be easily decryptable. As an extra precaution, since not every file-locking Trojan is as easily mitigated, malware experts encourage keeping your backups on other devices, if possible. Submitting to the ransom demand is a last resort, if victims consider it at all, and carries the risk of not getting a decryptor after paying.

Some versions of the FORMA Ransomware are being distributed under the name 'blessed.bat,' which remains the only clue malware experts have to its installation exploits. While the FORMA Ransomware is Windows software, similar encryption attacks are compatible with most operating systems of relevance to modern PC owners. Have your anti-malware products delete the FORMA Ransomware as soon as they detect it, removing any encryption dangers before you proceed with other recovery options as appropriate.
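The indicators described above (the '.locked' extension on Word, Excel and JPG files, and the 'blessed.bat' name) can be turned into a quick triage inventory for scoping recovery. This is an added example, not code from the original article or from any vendor tool; it assumes the suffix is appended to the full original file name, the function names are hypothetical, and the sample tree is constructed.

```python
import tempfile
from pathlib import Path

LOCKED_SUFFIX = ".locked"        # extension named on this page
SUSPECT_NAMES = {"blessed.bat"}  # distribution name named on this page
# Well-known magic bytes for the file types the page lists (Word, Excel, JPG).
ZIP, OLE, JPG = b"PK\x03\x04", b"\xd0\xcf\x11\xe0", b"\xff\xd8\xff"
MAGIC = {".docx": ZIP, ".xlsx": ZIP, ".doc": OLE, ".xls": OLE, ".jpg": JPG, ".jpeg": JPG}

def classify(path):
    """Return a verdict for one file, or None if it is not of interest."""
    name = path.name.lower()
    if not name.endswith(LOCKED_SUFFIX):
        return "suspect-name" if name in SUSPECT_NAMES else None
    # Assumption: the suffix is appended to the full name (a.docx.locked).
    magic = MAGIC.get(Path(name[:-len(LOCKED_SUFFIX)]).suffix)
    if magic is None:
        return "locked-unknown-type"
    try:
        with path.open("rb") as fh:
            head = fh.read(len(magic))
    except OSError:
        return "unreadable"
    # Original header still present: renamed only, content may be intact.
    return "renamed-intact" if head == magic else "header-destroyed"

def triage(root):
    """Map each relative path of interest under root to its verdict."""
    hits = ((p.relative_to(root).as_posix(), classify(p))
            for p in Path(root).rglob("*") if p.is_file())
    return {rel: verdict for rel, verdict in hits if verdict}

def demo():
    """Triage a constructed sample tree (no real malware or victim data)."""
    samples = {"docs/report.docx.locked": b"\x8f\x13\xa7\x02" + b"\x55" * 60,
               "docs/budget.xlsx.locked": ZIP + b"\x00" * 60,
               "docs/notes.txt.locked": b"\x91\x22" * 32,
               "pics/cat.jpg": JPG + b"\xe0" + b"\x00" * 60,
               "Downloads/blessed.bat": b"rem constructed placeholder\r\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return triage(root)

if __name__ == "__main__":
    for rel, verdict in sorted(demo().items()):
        print(f"{verdict:20} {rel}")
```

A "header-destroyed" verdict is consistent with encryption but does not prove it, and a matching file name alone is only a lead for the anti-malware scan, not a detection.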

The FORMA Ransomware, like 2017's Technicy Ransomware and the Meteoritan Ransomware, is a Trojan targeting highly specific parts of Europe. While Poland may be the extent of the FORMA Ransomware's plans, other forms of Hidden Tear are more than happy to endanger any files in the rest of the world.
