
Freezing Ransomware

Posted: June 28, 2019

The Freezing Ransomware is a variant of the Freeme Ransomware, a file-locking Trojan. This .NET-based threat uses encryption for blocking files, may generate pop-ups during its attacks, and leaves ransom messages asking for payment within one week. A backup that's well-maintained is an appropriate post-infection recovery option against this Trojan, and most anti-malware programs should block and delete the Freezing Ransomware instantly.

The Art of Ice Magic for Freezing Data

A .NET Framework Trojan with PowerShell commands is out in the wild, wielding AES encryption with an icy theme. The Freezing Ransomware's choice of brand carries over into most of its encryption process, although the messages it leaves for victims are significantly more generic than the rest of its payload. Although it resembles other threats of its kind, malware experts link it genealogically only to the Freeme Ransomware.

The Freezing Ransomware's design implies a campaign against business networks and vulnerable servers, since it displays a visible CMD window while it blocks files. Its encryption routine appends a temporary 'freezing' extension while it's ongoing and replaces it with 'FreezedByWizard' afterward. Besides traditional formats such as RTF documents, the Freezing Ransomware also blocks program EXE files.

For other symptoms of note, malware experts confirm only that the Freezing Ransomware uses a Notepad TXT file to deliver its ransom instructions for buying unlocking help from the criminal. The message isn't very unusual and gives a seven-day limit for buying the unlocking code before the threat actor erases it. There isn't any information on the prices that the campaign charges, but victims should attempt every other recourse before surrendering to the risk of extortion-based transactions.
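The two renaming stages and the TXT ransom note described above are the artifacts a responder can hunt for on a file share. The script below is an added illustration, not code from the original write-up or from the Trojan's authors: it walks a directory tree, separates files still carrying the temporary marker (encryption in progress) from those already renamed to the final marker, and lists any TXT file sitting next to renamed files as a candidate ransom note. It assumes both markers are appended as file extensions, '.freezing' and '.FreezedByWizard' (the write-up names only the bare strings, so the dot and casing are assumptions), and because the note's filename is not documented, the TXT heuristic is also an assumption. The sample tree it scans is constructed inline in a temporary directory.

```python
import os
import tempfile
from collections import Counter

# Extension markers described for the Freezing Ransomware. The leading dot and
# the exact casing are assumptions; the write-up names only the bare strings.
IN_PROGRESS_EXT = ".freezing"
COMPLETED_EXT = ".FreezedByWizard"


def classify_path(path):
    """Return 'in_progress', 'completed', or None for a single file path."""
    lower = os.path.basename(path).lower()
    if lower.endswith(COMPLETED_EXT.lower()):
        return "completed"
    if lower.endswith(IN_PROGRESS_EXT.lower()):
        return "in_progress"
    return None


def scan_tree(root):
    """Walk root; return marker counts, affected directories and candidate notes."""
    counts = Counter()
    affected_dirs = set()
    candidate_notes = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for fname in filenames:
            kind = classify_path(os.path.join(dirpath, fname))
            if kind:
                counts[kind] += 1
                affected_dirs.add(dirpath)
    # The ransom note is a Notepad TXT file whose name is not documented, so any
    # .txt in a directory that also holds renamed files is reported as a candidate
    # (assumption: the note is dropped beside the files it ransoms).
    for d in sorted(affected_dirs):
        for fname in os.listdir(d):
            if fname.lower().endswith(".txt"):
                candidate_notes.append(os.path.join(d, fname))
    return {
        "in_progress": counts["in_progress"],
        "completed": counts["completed"],
        "affected_dirs": sorted(affected_dirs),
        "candidate_notes": sorted(candidate_notes),
    }


def build_sample_tree():
    """Create a constructed directory layout in a temp dir for a demonstration run."""
    root = tempfile.mkdtemp(prefix="freezing_demo_")
    layout = {
        # finished directory: renamed documents plus a constructed note
        "docs": ["report.rtf.FreezedByWizard", "budget.xlsx.FreezedByWizard", "README_UNLOCK.txt"],
        # encryption still in progress here; an EXE is targeted, as the write-up notes
        "bin": ["tool.exe.freezing", "notes.txt"],
        # untouched directory: its .txt must not be reported
        "clean": ["photo.jpg", "readme.txt"],
    }
    for sub, names in layout.items():
        d = os.path.join(root, sub)
        os.makedirs(d)
        for n in names:
            with open(os.path.join(d, n), "w") as fh:
                fh.write("constructed sample\n")
    return root


def demo():
    """Build the constructed tree and scan it; returns the scan result dict."""
    return scan_tree(build_sample_tree())


if __name__ == "__main__":
    result = demo()
    print(f"in progress: {result['in_progress']}, completed: {result['completed']}")
    for note in result["candidate_notes"]:
        print("candidate ransom note:", note)
```

Point `scan_tree` at a share root instead of the constructed tree for a real sweep. A non-zero `in_progress` count means the routine is still running and isolating the host is more urgent than cleanup; a large `completed` count with no in-progress files indicates the routine has finished, and the candidate notes are what to preserve for the researchers the article recommends contacting.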

The Right Thaw for Your Computer's Winter

The Freezing Ransomware's internal use of ECDH (elliptic-curve Diffie-Hellman) for securing the files that it blocks makes little difference to its visible symptoms but separates it from other file-locker Trojans, such as RaaS families that use AES and RSA combinations. It may be the first .NET Framework-based Trojan of its type to use ECDH, and it is wholly incompatible with current decryption solutions for other file-locking Trojans. Users without better options can seek help from experienced PC security researchers for any future decryption possibilities.

Malware experts recommend all of the following precautionary steps against the Freezing Ransomware attacks, which can help with damage mitigation and infection prevention:

  • Backing up your media will prevent the Freezing Ransomware from holding it hostage with an encryption routine that may not be crackable. Remote backups are preferable; although the Freezing Ransomware has yet to receive a confirmation for any Shadow Volume Copy-interfering behavior, most file-locker Trojans will tamper with those Windows backups, as well.
  • Server administrators should avoid inviting attacks through poor security practices such as skipping software updates, leaving RDP exposed, or using default passwords.
  • Users should scan downloads whose safety isn't certain, such as torrents or e-mail attachments, and should avoid illicit media.

Detection rates for this threat are low across the AV industry overall. You can improve the chances of identification by updating your anti-malware programs before having them remove the Freezing Ransomware, and by providing samples to reputable security researchers.

Even though one of its encryption commands talks about 'magic,' there's nothing magical about the Freezing Ransomware's payload. It's an entirely mundane form of data-ciphering that anyone can beat with equally ordinary solutions.
