FrozrLock Ransomware
Posted: May 10, 2017
Threat Metric
Threat Level: 10/10
Infected PCs: 9
First Seen: April 3, 2017
OS(es) Affected: Windows
The FrozrLock Ransomware is a variant of the FileFrozr Ransomware, a Ransomware-as-a-Service Trojan that can encrypt your files to block them and then deliver ransom messages. Additional attacks that malware experts associate with the FrozrLock Ransomware include various means of damaging any local backups. Use non-local backups to protect your files and anti-malware tools to block FrozrLock Ransomware infections from the outset.
The Big File Freeze Begins
In April, malware experts took notice of a new RaaS family being offered to third-party crooks, who could deliver a custom build of the Trojan to victims in whatever manner they preferred. That family is showing recent signs of live activity: a new sample, the FrozrLock Ransomware, is directly traceable back to the previous FileFrozr Ransomware. This branch of the family appears to disguise itself as a PDF document, compromises residents of Spanish-speaking regions, and gains system access through e-mail-transmitted JavaScript exploits.
The FrozrLock Ransomware's installation is also concealed with code-obfuscating techniques that hide it from some security products, along with a (currently revoked) digital certificate. Its encryption method may vary from AES and RSA to the rarer option of Twofish-256, depending on the configuration values that the third-party threat actor provides. Whatever its choice of encryption algorithm might be, the FrozrLock Ransomware blocks all content it encrypts from opening.
To guarantee that the victim can't recover easily, the FrozrLock Ransomware also takes multiple steps to remove any default restoration copies that Windows might save. It deletes Shadow Volume Copy (SVC) data with a commonly abused Vssadmin command that suppresses any visible symptoms of its execution, and it makes further modifications to free disk space to hinder attempts at recovering these backups.
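Shadow copy removal of this kind is visible in process-creation logs. The following Python check is an added example, not part of the original write-up: the log format, host names and sample records are constructed, and it assumes the Trojan invokes vssadmin's documented `delete shadows` subcommand with `/quiet`, launched from the Windows Script Host that runs the e-mailed JavaScript.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed process-creation records (illustrative format, not real telemetry).
SAMPLE_LOG = r'''
2017-05-10T09:14:02Z host=WS-014 parent="C:\Windows\System32\wscript.exe" cmd="C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet
2017-05-10T09:20:41Z host=WS-022 parent="C:\Windows\System32\cmd.exe" cmd=vssadmin list shadows
2017-05-10T10:03:17Z host=SRV-003 parent="C:\Windows\System32\cmd.exe" cmd=VSSADMIN.EXE  delete  shadows /for=D: /oldest
2017-05-10T10:05:00Z host=WS-030 parent="C:\Windows\explorer.exe" cmd=notepad.exe C:\notes\vssadmin delete shadows.txt
'''

LINE_RE = re.compile(r'^(?P<ts>\S+) host=(?P<host>\S+) parent="(?P<parent>[^"]*)" cmd=(?P<cmd>.+)$')
# The executable is either a quoted path or the first whitespace-delimited token.
EXE_RE = re.compile(r'^\s*(?:"(?P<quoted>[^"]+)"|(?P<bare>\S+))\s*(?P<args>.*)$')
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows Script Host runs .js attachments


def find_shadow_copy_deletion(log_text):
    """Return one finding per record where vssadmin itself deletes shadow copies."""
    findings = []
    for line in log_text.splitlines():
        rec = LINE_RE.match(line.strip())
        if not rec:
            continue
        exe = EXE_RE.match(rec["cmd"])
        image = basename(exe["quoted"] or exe["bare"]).lower()
        if image not in ("vssadmin", "vssadmin.exe"):
            continue  # the string appearing in another program's arguments is not a hit
        args = exe["args"].lower().split()
        if "delete" not in args or "shadows" not in args:
            continue  # e.g. "vssadmin list shadows" is routine administration
        quiet = "/quiet" in args  # runs without prompting or displaying messages
        from_script = basename(rec["parent"]).lower() in SCRIPT_HOSTS
        findings.append({
            "time": rec["ts"],
            "host": rec["host"],
            "quiet": quiet,
            "script_parent": from_script,
            "severity": "high" if quiet or from_script else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in find_shadow_copy_deletion(SAMPLE_LOG):
        print(f)
```

The medium-severity hit on the constructed server record shows why the parent process and `/quiet` flag matter: an administrator pruning the oldest snapshot looks different from a script host silently deleting all of them.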
When a Trojan's Pop-Ups are the Least of Your Worries
The FrozrLock Ransomware appears to retain most of the previous features malware experts took note of with its family, although they haven't been able to confirm promised updates like an offline-mode payload. Depending on the settings that different versions of this threat are using, decrypting your files may or may not be a possibility. For most PC users, backing up their work to another drive can keep Trojans like the FrozrLock Ransomware from causing any damage that isn't fully reversible.
The FrozrLock Ransomware fork of the FileFrozr Ransomware family is under suspicion of using spam e-mails as a primary delivery method. Scan any message attachments with appropriate security products to detect any content that could compromise your PC, such as a macro-based downloading exploit. Preventing an infection by deleting the FrozrLock Ransomware on sight is the most straightforward strategy for keeping the contents of your PC unharmed.
Throughout the year, there may be more sightings of the FrozrLock Ransomware or the FileFrozr Ransomware family in action. Whether or not that turns out to be the case, malware experts are seeing only a steadily growing list of reasons for backing your files up to another system.
Technical Details
File System Modifications
The following files were created in the system:
File name: file.exe
Size: 294.54 KB (294540 bytes)
MD5: 25abae5e16daf9795952e0195f7c7f7b
Detection count: 22
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 10, 2017