'.frmvrlr2017 File Extension' Ransomware

Posted: February 28, 2018

The '.frmvrlr2017 File Extension' Ransomware is a variant of the Globe2 Ransomware, a Trojan that can lock your files by encrypting them with RC4. These attacks are decryptable without paying the ransom that this threat demands, although malware experts also emphasize having backups as a general means of protecting your data. When possible, users should keep anti-malware programs available to delete the '.frmvrlr2017 File Extension' Ransomware before it harms their files.

The Plundering of Turkey's Computer Files Continues Apace

While it's most notable as the 'birthplace' of the Hidden Tear family, Turkey also periodically comes under attack by other file-locking threats, such as the Globe2 Ransomware and the Jigsaw Ransomware. Variants of these families, like the '.justice File Extension' Ransomware and the newer '.frmvrlr2017 File Extension' Ransomware, make up part of 2018's threat landscape. Accordingly, Turkish users without backups run the danger of having their files blocked by encryption that makes them permanently unusable.

As per malware researchers' analyses, the '.frmvrlr2017 File Extension' Ransomware's encryption mechanisms have no changes from those of prior versions of the program and use an RC4 algorithm. Along with the file-locking encryption attack, the '.frmvrlr2017 File Extension' Ransomware also, as its name would imply, adds '.frmvrlr2017' extensions to the names of any media it blocks.

After encrypting everything, the Trojan launches a pop-up window containing advanced HTML content. The ransom note included therein is a Turkish-language message that's custom-built for government and business server-based targets, and delivers a time limit and an e-mail address for contacting the threat actors (and negotiating the ransom). As of this date, malware researchers have been unable to acquire details on the ransom payments, but paying is inadvisable since it rewards the harmful activity and doesn't necessarily give the victim a decryptor.

Setting Your Servers Back to Rights

Although many attacks against business and government networks utilize encryption routines that are impossible to decrypt within a reasonable time frame, the '.frmvrlr2017 File Extension' Ransomware uses RC4 (or ARC4), which is not very secure. Our malware experts recommend creating copies of any locked files and testing those copies for compatibility with the free decryption programs available from appropriate cyber-security organizations. However, decryption isn't possible for all file-locking attacks, and having backups often is the only recourse for a victim that doesn't involve the dangers of paying ransoms.

Threat actors often use two ways of compromising business, NGO and government servers: cracking the login combinations with brute-force software and distributing Trojan-installing exploits in e-mail spam. With the latter, our malware experts especially advise against enabling macros within strange documents, or opening attachments without scanning them for threats to your computer. Standard threat heuristics in anti-malware programs should catch and delete the '.frmvrlr2017 File Extension' Ransomware, in most cases.

You may save time by skipping server backups or a secure password-formulation protocol, only to pay the price for it later. As long as Trojans like the '.frmvrlr2017 File Extension' Ransomware convince even a single person to pay their ransom, their industry is a danger to anyone who doesn't take care of their files.