
FRS Ransomware

Posted: March 12, 2018

The FRS Ransomware is a file-locking Trojan that can encrypt your media to keep it from opening in other programs. While the threat also drops a decryption tool for 'unlocking' your data, malware experts recommend ignoring any ransom demands that sell that application's password. Backing up your files or using freeware decryption programs can give you cheaper and safer recovery options, and any dedicated anti-malware program should remove the FRS Ransomware while also blocking its payload.

Piping Hot Batch of File Problems for You

Windows-compatible Trojans are keeping their place as the top group of file-locking threats with significant circulation numbers in the wild, but the internal structure of each Trojan can vary. One option available to would-be extortionists is bundling batch commands into a single executable that runs without the local user's consent. Although the FRS Ransomware and similar batch file-based Trojans are very simple, they deliver the same data-locking capability as more advanced threats, like the Globe Ransomware or the Crysis Ransomware.

The FRS Ransomware is built with the freeware program Quick Batch File Compiler, which is one indication that the threat actor has limited experience and resources available. The FRS Ransomware installs itself with copyright information associating it with a 'FIFCOM' corporate entity, which makes it a probable candidate for circulating via e-mail spam or a fake business or news website. Besides the standard auto-running feature, malware experts have also isolated the following functions in the FRS Ransomware's command list:

  • The FRS Ransomware targets several locations for encrypting and 'locking' individual files, including the Windows desktop, Pictures, Favorites, and Videos. The FRS Ransomware appends the '.FRS' extension to what it blocks (so that, for instance, 'cat.gif' would become 'cat.gif.FRS').
  • The Trojan also places several files on the user's desktop: a set of ransom instructions in both Notepad TXT and PNG formats, a second image of the Chinese national flag (which may be a replacement for the user's wallpaper), and a decryption executable.
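For scoping the impact on an affected profile, the following added example (not code from this article or from any vendor tool) walks the four folders listed above and reports files carrying the appended '.FRS' extension together with their original names. The function names, the recursion into subfolders, and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Folder names the article lists as targeted, relative to a user profile.
TARGET_FOLDERS = ("Desktop", "Pictures", "Favorites", "Videos")
MARKER = ".frs"  # appended extension from the article, compared case-insensitively


def original_name(filename):
    """Return the pre-encryption name if filename carries the appended marker."""
    if filename.lower().endswith(MARKER) and len(filename) > len(MARKER):
        return filename[: -len(MARKER)]
    return None


def scan_profile(profile):
    """Map each targeted folder to a sorted list of (locked_path, original_name)."""
    report = {}
    for folder in TARGET_FOLDERS:
        root = Path(profile) / folder
        hits = []
        if root.is_dir():
            # Assumption: subfolders are checked too; unreadable ones are skipped.
            for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
                for name in files:
                    orig = original_name(name)
                    if orig is not None:
                        hits.append((str(Path(dirpath) / name), orig))
        report[folder] = sorted(hits)
    return report


def build_sample_profile(base):
    """Constructed sample tree: harmless empty files, no real malware artifacts."""
    for rel in ("Desktop/cat.gif.FRS", "Pictures/trip/beach.jpg.frs",
                "Videos/clip.mp4", "Documents/notes.txt.FRS"):
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for folder, hits in scan_profile(build_sample_profile(tmp)).items():
            print(f"{folder}: {len(hits)} locked file(s)")
            for locked, orig in hits:
                print(f"  {locked}  (was {orig})")
```

On a real system, pass the user's profile directory to `scan_profile` and compare the reported original names against the most recent backup to decide what needs restoring.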

Current builds of the FRS Ransomware launch the decryption tool automatically, and malware analysts have no further details on any ransom demands by the threat actor or the probability of breaking the Trojan's encryption algorithm with the help of a third party. It's possible, based on current samples, that the FRS Ransomware is an 'educational' project, similar to Utku Sen's Hidden Tear.

Keeping the Wrong Commands from Running Away with Your Data

Although potentially harmless, the FRS Ransomware's similarity to the still-growing Hidden Tear family makes it clear that the Trojan is a potential risk for any PC owner without a comprehensive backup strategy. Malware experts encourage backing your data up to a removable device or a protected cloud server, if possible, to keep file-locking threats from encrypting anything permanently. A minority of file-locking threats are also vulnerable to decryption software, which users can apply with the help of an appropriate cyber-security specialist, such as a researcher focusing on Trojans with cryptography-oriented payloads.

As a byproduct of the Quick Batch File Compiler, the FRS Ransomware can install and launch itself on different versions of Windows, including Windows 10. Users should scan potential downloads, such as e-mail attachments, for any threats that might infect their PCs, and, where possible, disable all possibly unsafe content, such as DOC macros and browser scripts. Over two-thirds of all brands of anti-malware software on the market delete the FRS Ransomware, and any victims should rely upon these solutions for disinfecting their PCs safely.

Besides being a Chinese threat, the FRS Ransomware is a simple showcase of how a program can become toxic with no more effort than listing a few straightforward commands and compiling them together into a batch file. Since the FRS Ransomware takes no more than a few minutes to put together, PC owners everywhere should remember to make it as hard as possible for encryption to cause permanent data loss to their media.
