Freezing Ransomware is a malicious application that was created by a hacker who calls himself a wizard. Once the malware encrypts data, it appends the .FreezedByWizard extension to all of the files it encrypts. However, users are unlikely to find this extension on their data anytime soon, as the threat appears to still be in development. Our specialists think so because the launcher they tested did not create or display a ransom note, which is, in many cases, essential to such infections. A ransom note can explain how a user’s files were encrypted, why they were targeted, and, most importantly, what a victim can do to get them back. Such a note is vital if an infection is created for money extortion, and we believe Freezing Ransomware could be developed for the same purpose. For further information on this malicious application, we invite you to read the rest of this article.
Since our researchers believe Freezing Ransomware could be a tool for money extortion, we think the absence of a ransom note means its creators are not done with it. Consequently, it is possible they have not begun to distribute it yet. Currently, one of the most popular ways to spread a ransomware infection is to send targeted victims malicious email attachments. This is why cybersecurity experts often advise scanning suspicious files, or any data from senders you do not know, with reliable antimalware software.
There is one other popular method that cybercriminals use just as often: uploading malicious installers onto file-sharing websites and similar sites. If you do not want to receive an infection by downloading software from untrustworthy sources, we highly recommend choosing legitimate web pages in the future. Threats like Freezing Ransomware can also enter a system through the computer’s vulnerabilities while the user visits malicious sites. Thus, it is just as essential to ensure your device has no weaknesses, such as old passwords, outdated software, or unsecured RDP connections.
Now that we know how it could be spread, it is time to learn how Freezing Ransomware works and what could change if its developers finish creating it. The installer we tested did not drop any files except a .log file in the %ALLUSERSPROFILE% directory. Because of this, it was able to start encrypting files almost at once. During encryption, we observed that the threat enciphered almost all files. The only exceptions were files with the .exe, .dll, and .iso extensions. It is vital to mention that the malware also selected particular directories in which to encrypt data. The targeted locations were %USERPROFILE%, %TEMP%, %APPDATA%, and %LOCALAPPDATA%. Besides, as mentioned in the beginning, all encrypted files received the .FreezedByWizard extension.
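For triage, the behaviour described above can be turned into an inventory of affected files. The following Python script is an added example, not part of the original article or the researchers' tooling; the function names `default_roots` and `scan` are hypothetical, and it assumes only the extension and the four locations named in this article.

```python
import os
from collections import Counter
from pathlib import Path

MARKER = ".freezedbywizard"  # extension named in the article, compared case-insensitively
TARGET_VARS = ("USERPROFILE", "TEMP", "APPDATA", "LOCALAPPDATA")  # locations from the article


def default_roots(env=os.environ):
    """Resolve the targeted locations, skipping unset variables and nested duplicates.

    On a default Windows profile the last three sit inside %USERPROFILE%, so
    walking all four would count the same files more than once.
    """
    paths = sorted({Path(env[v]).resolve() for v in TARGET_VARS if env.get(v)})
    roots = []
    for p in paths:  # a parent always sorts before its children
        if not any(r == p or r in p.parents for r in roots):
            roots.append(p)
    return roots


def scan(roots):
    """Return (affected files, Counter of their original extensions)."""
    hits, by_type = [], Counter()
    for root in roots:
        # os.walk skips unreadable directories and does not follow symlinks by default
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower().endswith(MARKER):
                    original = name[: -len(MARKER)]  # the marker is appended to the name
                    hits.append(Path(dirpath) / name)
                    by_type[Path(original).suffix.lower() or "(none)"] += 1
    return hits, by_type


if __name__ == "__main__":
    found, types = scan(default_roots())
    print(f"{len(found)} file(s) carry the {MARKER} extension")
    for ext, count in types.most_common():
        print(f"  {count:6d}  originally {ext}")
```

The per-extension counts show which kinds of documents need to be restored from backup first.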
If Freezing Ransomware is indeed not yet finished and its developers are still working on it, the final version could act a bit differently. For starters, it might target not just a few folders, but all directories that do not contain program data. In other words, it could encrypt many more personal files. Also, we believe the malware ought to create a text document or open a window containing a ransom note. Whatever such a note proposes, you should consider it carefully and keep in mind that there is always a risk the hackers could trick you.
The deletion instructions located below this paragraph explain how to erase Freezing Ransomware manually. It is vital to stress that they might work only on this particular version of the threat. In other words, if the malware gets updated, its removal could change as well. Therefore, if you come across Freezing Ransomware, it might be smarter to leave its deletion to a reliable antimalware tool of your choice.