decrypt@fros.cc Ransomware

By GoldSparrow in Ransomware

PC security researchers first observed the decrypt@fros.cc Ransomware, an encryption ransomware Trojan, on October 5, 2018. The decrypt@fros.cc Ransomware is a hybrid of Dharma and Crysis, two ransomware families that have had numerous variants since their initial releases. These variants first started to appear in the fall of 2018. The purpose of the decrypt@fros.cc Ransomware, like most encryption ransomware Trojans, is to take the victim's files hostage, using a strong encryption algorithm to make the files inaccessible.

How the decrypt@fros.cc Ransomware Attacks a Computer

The decrypt@fros.cc Ransomware enters the victim's computer through a corrupted spam email attachment, often a DOCX file with malicious embedded macros. Once installed, the decrypt@fros.cc Ransomware uses AES encryption to make the victim's files unusable. The decrypt@fros.cc Ransomware also renames the victim's files by adding the file extension '.bgtx' to each affected file's name. The files that the decrypt@fros.cc Ransomware and similar encryption ransomware Trojans will target in these attacks include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

Once the victim's files have been damaged, the decrypt@fros.cc Ransomware delivers a ransom note in the form of two files, 'Info.hta' and 'FILES ENCRYPTED.txt', which contain the following message to the victim:

'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail decrypt@fros.cc
Writer this ID in the title of your message: [random characters]
You will have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment, we will send you the decryption tool that will decrypt all your files.'
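
The indicators described above (the '.bgtx' extension, the two ransom note file names and the contact address in the note) can be turned into a quick triage scan of a disk or share. The following is an added example, not code from the original article; the function names, the sample tree and the sample ID are constructed for illustration, and the ID pattern assumes the note wording quoted above.

```python
import os
import re
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".bgtx"                           # extension named in the article
NOTE_NAMES = {"info.hta", "files encrypted.txt"}  # ransom note file names named in the article
CONTACT = "decrypt@fros.cc"                       # contact address from the quoted note
ID_RE = re.compile(r"ID in the title of your message:\s*(\S+)")  # assumes the quoted wording

def triage(root):
    """Walk root and summarise this threat's indicators for an incident record."""
    report = {"encrypted": [], "notes": [], "victim_ids": set(), "by_dir": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
                report["by_dir"][dirpath] += 1    # shows which folders were hit hardest
            elif lower in NOTE_NAMES:
                try:
                    with open(path, "r", errors="replace") as fh:
                        text = fh.read(65536)     # notes are small; cap the read
                except OSError:
                    continue                      # unreadable file: skip, keep scanning
                if CONTACT in text:               # ignore unrelated files with the same name
                    report["notes"].append(path)
                    report["victim_ids"].update(ID_RE.findall(text))
    return report

def build_sample(root):
    """Constructed sample tree (not real victim data) for demonstrating triage()."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name in ("budget.xlsx.bgtx", "photo.JPG.BGTX", "untouched.txt"):
        with open(os.path.join(docs, name), "wb") as fh:
            fh.write(b"\x00" * 16)
    with open(os.path.join(root, "FILES ENCRYPTED.txt"), "w") as fh:
        fh.write("write us to the e-mail decrypt@fros.cc\n"
                 "Writer this ID in the title of your message: SAMPLE-ID-0001\n")
    with open(os.path.join(docs, "Info.hta"), "w") as fh:
        fh.write("<html>unrelated application</html>")  # same name, different content

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), "encrypted;", len(result["notes"]), "notes;", result["victim_ids"])
```

The per-directory counts help scope which backups need to be restored, and the collected IDs belong in the incident record.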

Protecting Your Data from Threats Like the decrypt@fros.cc Ransomware

The best protection against threats like the decrypt@fros.cc Ransomware is to have backups of your files. Backup copies eliminate the need to negotiate with the criminals responsible for the decrypt@fros.cc Ransomware or to pay any ransom. It is also important to refrain from paying these ransoms because payments allow criminals to continue creating and distributing threats like the decrypt@fros.cc Ransomware. Apart from file backups, malware researchers recommend that computer users use a security program to ensure that any threat like the decrypt@fros.cc Ransomware is intercepted before it is installed on a computer. Unfortunately, the decrypt@fros.cc Ransomware and similar threats use an encryption method that is quite strong, and it is currently not possible to restore files encrypted by the decrypt@fros.cc Ransomware, making backups the best option.