FreeFoam Ransomware
Posted: July 31, 2017
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 35 |
| First Seen: | July 31, 2017 |
|---|---|
| Last Seen: | September 2, 2022 |
| OS(es) Affected: | Windows |
The FreeFoam Ransomware is a Trojan that encrypts files to hold them hostage until the user pays Bitcoins for decrypting them. Having backups and preventing infections in the first place are the most direct and efficient defenses against this threat, which may damage documents and other media permanently. Malware experts recommend ignoring any ransom-related instructions from the Trojan, when possible, and uninstalling the FreeFoam Ransomware with professional anti-malware software.
A Fresh Crest of Foam in Piracy-Laden Seas
Russians or those interested in Russia-related Web content soon may have another hazard to contend with: the FreeFoam Ransomware, which is following up on the heels of similar campaigns like those of the CryptoViki Ransomware and the Fatboy Ransomware. While malware experts see symptoms in the FreeFoam Ransomware infections very similar to those of a Hidden Tear variant, this possible relationship isn't verifiable. As always, users should implement proactive data redundancy and security strategies for defending their local data from the FreeFoam Ransomware's attacks.
When opened, the FreeFoam Ransomware generates a unique string that's custom for that installation. After creating the system's ID, the FreeFoam Ransomware searches local directories for data such as Word documents, Excel spreadsheets, JPG pictures and other media. The FreeFoam Ransomware encrypts these files using a cipher still under analysis and inserts '.freefoam' extensions at the ends of their names. Then, it generates a Notepad file that conveys its ransoming instructions dynamically, along with relevant information, such as the ID number.
Even though the FreeFoam Ransomware's encryption may harm PCs using other language settings, its text message uses Cyrillic and appears to be targeting residents of Russia specifically. The Trojan gives little other information, besides asking you to contact its threat actor's e-mail, after which you will be demanded to pay a ransom (such as a set amount of the Bitcoin cryptocurrency). Until then, any encrypted content is unusable.
How to Stop Trojans from Being Too Free with What's not Theirs
Malware experts have found limited evidence of the FreeFoam Ransomware's being in circulation. However, other campaigns attacking Russian residents with encryption are using exploit kits, e-mails and fake pirated software downloads. Staying away from illegal download resources, blocking Web content that's open to exploitation (such as JavaScript and Flash), and scanning new files before opening them may help eliminate any potential drive-by-downloads.
Coin artists taking ransoms from victims in similar circumstances may or may not reciprocate with any possible decryption help. Copying the encoded content and testing them for compatibility with freeware decryptors can provide recovery solutions for users without backups. If you do need to back up your media, malware experts recommend making full use of USB and other, external storage options that are less vulnerable to threats like the FreeFoam Ransomware. Alternately, removing the FreeFoam Ransomware with an anti-malware product before it finishes attacking the PC also is possible.
Whatever the economic reasons may be behind these attacks, Russia is becoming a regular target for con artists using file hostage-taking techniques. While Trojans like the FreeFoam Ransomware remain in circulation, encryption is more than just a security or privacy feature: it also is a danger to anyone assuming they don't need to back up their files.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.