Free-Freedom Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 80 % (High) |
| Infected Computers: | 36 |
| First Seen: | December 22, 2016 |
| Last Seen: | December 27, 2019 |
| OS(es) Affected: | Windows |
The Free-Freedom Ransomware's demands are somewhat unique, making computer security researchers question the real motive behind the Free-Freedom Ransomware infection. The authors of the Free-Freedom Ransomware use a payment website to collect $30 USD worth of Gift Card codes for the Google Play Store. This payment website is also used to collect information about the victims, including their phone number, address and email. This data could potentially be used to bypass two-factor security on certain websites (such as banking portals), since the people responsible for the Free-Freedom Ransomware may have had access to the victim's stored passwords. The Free-Freedom Ransomware is a threat infection that can have numerous unwanted results for victims of the attack.
Free-Freedom to Take Someone Else's Money?
PC security researchers are concerned that the Free-Freedom Ransomware's tactics could be used to compromise online banking accounts. The Free-Freedom Ransomware does not encrypt files in the traditional way used by most encryption ransomware Trojans. Rather, the Free-Freedom Ransomware modifies file permissions and locks certain features on the Windows operating system. After the Free-Freedom Ransomware carries out this attack, the victim cannot open files, delete files, move files, or access the Windows Task Bar. The Free-Freedom Ransomware displays a lock screen that says 'Your files have been locked/encrypted!' and loads its payment website on the victim's Web browser.
The Free-Freedom Ransomware displays its ransom message using an HTA application, a typical method that has been used by numerous ransomware Trojans in the later half of 2016. The file containing the Free-Freedom Ransomware's ransom note is called 'Free-Freedom (MAJOR SECURITY ALERT)' and is dropped on the Temp directory in the affected computer. When victims of the Free-Freedom Ransomware Trojan connect to the payment website, they are asked to submit a Google Play Store Gift Card code, as well as their information to receive the unlock code. The following are the messages that are used during that the Free-Freedom Ransomware attack:
First Lock Screen Message:
'Your Files Have Been Encrypted!
But you can get your files back!
Your files have been locked / encrypted!
To unlock your files, just click next.
If you have no internet and do not wish to
pay via Unsecure connection, please use
your neighbores internet or a public cafe.
This ransomware was coded by a 13 year old boy!
Done with VB.NET
Version 10'
Second Lock Screen Message:
'YOU ARE LUCKY! MOST RANSOMWARE'S DEMAND A PAYMENT OF £300 OR ABOVE! WE DON'T!
Ready to pay? Want your files back? click the link below:
h[tt]p://www.i-m.mx/epicbet/freefreedom/'
The Free-Freedom Ransomware Payment Website:
'Decrypt My Files the Free-Freedom Ransomware
Unlock My Files
To unlock your files, please follow the onscreen instructions below:
1. Go to a local store (walmart, asda, tesco, etc...) and purchase a Play Store Gift Card worth 25 British Pounds Or 30 (whatever it is) in American Dollars.
2. Make sure that the card is valid before making the transaction!
3. Enter the following details below: (playstore gift card redeem code is the code on the back of the gift card.)
Play Store Gift Card Redeem Code
Your Personal Email Address
Phone Number (optional)
Address (optional)
This form has DDOS protection'
Dealing with the Free-Freedom Ransomware
It is likely that the Free-Freedom Ransomware is a work in progress or it was coded by amateurs. Fortunately, the Free-Freedom Ransomware's has a hard coded password that allows victims to bypass the Free-Freedom Ransomware lock screen. The password is 'adam' and entering it into the Free-Freedom Ransomware lock screen will disable this ransomware Trojan. The Free-Freedom Ransomware may become a threat later on since extortionists will update these threats frequently. It is entirely possible that the development of the Free-Freedom Ransomware may continue, giving this threat the capability to encrypt the victims' files in the way that most encryption ransomware Trojans carry out their attacks. Because of this, precautions should be taken, such as handling email attachments carefully and having backups of all files.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.