
First Ransomware

By GoldSparrow in Ransomware

The First Ransomware is an encryption ransomware Trojan based on HiddenTear, an open source ransomware engine that was released publicly for 'educational purposes' and eventually became the basis for countless encryption ransomware Trojans released in 2016. PC security researchers uncovered numerous HiddenTear variants in the last months of 2016, all of them nearly identical to the First Ransomware and differing only in each variant's ransom note and theme. The First Ransomware takes its name from a line in its ransom note that reads 'You just got my little brand new ransomware.' The First Ransomware is likely not a sophisticated threat but the work of an amateur, and probably this person's first ransomware Trojan (which would also explain the name associated with it).

How the First Ransomware may be Distributed to Its Victims

The First Ransomware may be distributed through spam email attachments. These attachments may be documents containing corrupted macros that download and install the First Ransomware when the document is opened. PC security researchers suspect that the First Ransomware is designed mainly to target servers, which are more lucrative targets than computers belonging to individuals. Corrupted file attachments that abuse macros have become one of the preferred methods for distributing threats like the First Ransomware. In the case of the First Ransomware, a file named 'Firstransomware.exe' is downloaded onto the victim's computer.

Understanding the First Ransomware Attack

Once the file is downloaded, it begins carrying out its attack. The First Ransomware encrypts numerous files on the victim's computer, adding the extension '.krzysioka' to the end of each affected file's name. The First Ransomware uses a strong encryption algorithm, even though the rest of its implementation is clearly the work of an amateur rather than a sophisticated coder. Because of this, it may not be possible to decrypt the compromised files without the decryption key, which the con artists hold. The First Ransomware displays a ransom message in a pop-up window named 'Death Bitches.' This window contains a picture of a skeleton and the ransom note, which is reproduced below:

'You have achieved something
You just got my little brand new ransomware
Anyways, lets talk about your files and PC
Your files are crypted with strong encryption that is literally uncrackable
Pay 1.5 BTC, and i am going to decrypt your files.
Death, be not proud, though some have called thee
Mighty and dreadful, for thou art not so;
*You have got 48 hours to make a payment. If time is up, then your data is going to be deleted.'

How to Deal with the First Ransomware

The ransom the First Ransomware demands is quite high, the equivalent of approximately $1600 USD, substantially more than most ransomware Trojans active today. However, if the First Ransomware manages to take over a server, particularly one belonging to a business, the victims may be willing to pay thousands of dollars if no backups of the affected files exist. As with most ransomware Trojans, the best protection against the First Ransomware is to keep backups of all data. Today, external storage devices are inexpensive, and large amounts of cloud storage can be obtained even for free, so there is no excuse for not having regular backups of all important files. Having backups of all files nullifies attacks like the First Ransomware completely: if the victim can recover the affected files by restoring them from backup, the people responsible for the First Ransomware have nothing to demand payment for and lose their advantage over the victim. Apart from backups, PC security analysts recommend using a reliable security program to intercept these attacks before they manage to encrypt files on the victim's computer.
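As an added example (not code from this write-up or from the malware's author), the following script shows how a defender could sweep a machine for the indicators described above, the '.krzysioka' extension and the 'Firstransomware.exe' file, and map each encrypted file back to the original name to pull from backup. The directory it builds is constructed demo data; the function names are the example's own.

```python
import os
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

# Indicators named in the write-up above.
ENCRYPTED_EXT = ".krzysioka"          # appended to every encrypted file
DROPPER_NAME = "firstransomware.exe"  # file dropped by the malicious macro


@dataclass
class ScanResult:
    encrypted: list = field(default_factory=list)  # paths ending in .krzysioka
    droppers: list = field(default_factory=list)   # copies of Firstransomware.exe


def scan_tree(root):
    """Walk `root` and collect every file matching a First Ransomware indicator."""
    result = ScanResult()
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            lowered = name.lower()
            if lowered.endswith(ENCRYPTED_EXT):
                result.encrypted.append(os.path.join(dirpath, name))
            elif lowered == DROPPER_NAME:
                result.droppers.append(os.path.join(dirpath, name))
    return result


def restore_plan(result):
    """Pair each encrypted path with the original name to look up in the backup set.
    HiddenTear-style variants keep the original name and only append the extension."""
    return sorted((p, p[: -len(ENCRYPTED_EXT)]) for p in result.encrypted)


def build_sample_tree():
    """Constructed demo directory imitating a hit machine (sample data only)."""
    root = tempfile.mkdtemp(prefix="first_rw_demo_")
    docs = Path(root, "Documents")
    docs.mkdir()
    (docs / ("report.docx" + ENCRYPTED_EXT)).write_bytes(b"\x00" * 16)
    (docs / ("budget.xlsx" + ENCRYPTED_EXT)).write_bytes(b"\x00" * 16)
    (docs / "notes.txt").write_text("not encrypted")
    downloads = Path(root, "Downloads")
    downloads.mkdir()
    (downloads / "Firstransomware.exe").write_bytes(b"MZ")  # inert stub, not malware
    return root
```

Running `restore_plan(scan_tree(build_sample_tree()))` yields the two encrypted documents paired with the names 'report.docx' and 'budget.xlsx' to restore.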
