First Ransomware

First Ransomware Description

The First Ransomware is an encryption ransomware Trojan based on HiddenTear, an open source ransomware engine that was released publicly for 'educational purposes' and eventually became the basis for countless encryption ransomware Trojans released in 2016. PC security researchers uncovered numerous variants of HiddenTear released in the last months of 2016, all of which are nearly identical to the First Ransomware, with the differences located in each variant's ransom note and theme. The First Ransomware receives its name from a line in its ransom note that reads 'You just got my little brand new ransomware.' It is likely that the First Ransomware is not a sophisticated threat, that it was created by an amateur, and that it is this person's first ransomware Trojan (which would also explain the name associated with the First Ransomware).

How the First Ransomware may be Distributed to Its Victims

The First Ransomware may be distributed using spam email attachments. These attachments may be documents containing malicious macros that download and install the First Ransomware when the document is opened. PC security researchers suspect that the First Ransomware is designed mainly to target servers, which represent more lucrative targets than computers belonging to individuals. File attachments that abuse macros have become one of the preferred methods for distributing threats like the First Ransomware. In the case of the First Ransomware, a file named 'Firstransomware.exe' is downloaded onto the victim's computer.

Understanding the First Ransomware Attack

Once the file is downloaded, it begins carrying out its attack. The First Ransomware will encrypt numerous files on the victim's computer, adding the extension '.krzysioka' to the end of each affected file's name. The First Ransomware uses a strong encryption algorithm, even though the rest of its implementation is clearly the work of an amateur rather than of a sophisticated coder. Because of this, it may not be possible to decrypt the files that have been compromised during the First Ransomware attack without the decryption key, which the con artists hold in their possession. The First Ransomware displays a ransom message that pops up in a window named 'Death Bitches.' This window contains a picture of a skeleton and the ransom note, which is reproduced below:

'You have achieved something
You just got my little brand new ransomware
Anyways, lets talk about your files and PC
Your files are crypted with strong encryption that is literally uncrackable
Pay 1.5 BTC, and i am going to decrypt your files.
Death, be not proud, though some have called thee
Mighty and dreadful, for thou art not so;
*You have got 48 hours to make a payment. If time is up, then your data is going to be deleted.'

How to Deal with the First Ransomware

The ransom that the First Ransomware demands is quite high, the equivalent of approximately $1600 USD. This is substantially higher than most ransomware Trojans active today. However, if the First Ransomware manages to take over a server, particularly one belonging to a business, then the victims may be willing to pay thousands of dollars if backups of the affected files do not exist. As with most ransomware Trojans, the best protection against the First Ransomware is to have backups of all data. Today, external memory devices are inexpensive, and it is possible to obtain large quantities of storage space on the cloud even for free. Because of this, there is no excuse for not having regular backups of all important files. Having backups of all files nullifies attacks like the First Ransomware completely. If the victim of the ransomware attack can recover the affected files by restoring them from the backup, then the people responsible for the First Ransomware have no way to demand a payment; they lose their advantage over the victim. Apart from backups, PC security analysts recommend the use of a reliable security program to intercept these attacks before they manage to carry out their encryption on the victim's computer.
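
The following triage script is an added example, not code from the original page or from any security product. It walks an affected directory, flags the 'Firstransomware.exe' file and every file carrying the '.krzysioka' extension described above, and checks whether a clean copy of each original exists at the same relative path under a backup directory. The function names, directory layout and sample file names are assumptions constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".krzysioka"          # extension named on this page
DROPPER_NAME = "firstransomware.exe"  # file name named on this page, compared lowercased

def triage(affected_root, backup_root):
    """Classify files under affected_root and check each against backup_root."""
    affected_root, backup_root = Path(affected_root), Path(backup_root)
    report = {"dropper": [], "restorable": [], "no_backup": []}
    for dirpath, _dirs, files in os.walk(affected_root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(affected_root)
            if name.lower() == DROPPER_NAME:
                report["dropper"].append(rel.as_posix())
            elif name.lower().endswith(ENCRYPTED_EXT):
                # The extension is appended, so stripping it yields the original name.
                original = rel.with_name(name[: -len(ENCRYPTED_EXT)])
                has_copy = (backup_root / original).is_file()
                report["restorable" if has_copy else "no_backup"].append(original.as_posix())
    for items in report.values():
        items.sort()
    return report

def build_demo_tree(base):
    """Constructed sample data: empty placeholder files, no malware or ciphertext."""
    live, backup = Path(base) / "live", Path(base) / "backup"
    for rel in ["docs/report.docx.krzysioka", "docs/notes.txt.KRZYSIOKA",
                "db/orders.sql.krzysioka", "docs/readme.txt",
                "Downloads/Firstransomware.exe"]:
        (live / rel).parent.mkdir(parents=True, exist_ok=True)
        (live / rel).touch()
    for rel in ["docs/report.docx", "docs/notes.txt"]:
        (backup / rel).parent.mkdir(parents=True, exist_ok=True)
        (backup / rel).touch()
    return live, backup

def run_demo():
    """Run the triage over the constructed tree and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        return triage(*build_demo_tree(tmp))

if __name__ == "__main__":
    for category, items in run_demo().items():
        print(category, items)
```

The 'no_backup' list is the set of files that cannot be recovered by restoring, which is the measure of how complete the backups actually were.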
