
Felix Ransomware

By GoldSparrow in Ransomware

The Felix Ransomware is a threat designed to sneak into your system and lock your files in order to blackmail you into paying for a decryption key that is meant to reverse the damage done to your data. The Felix Ransomware is a brand-new copy of the Dharma Ransomware.

Propagation and Encryption

This data-locking Trojan is likely to encrypt most of the data located on the compromised host. If you fall victim to the Felix Ransomware, this nasty Trojan will lock all your documents, images, spreadsheets, audio files, presentations, databases, videos, archives, and other file types. The more files the Felix Ransomware encrypts, the higher the chance of you giving in and paying the ransom fee.

It is not fully clear how the Felix Ransomware is distributed. Cybersecurity experts state that most authors of ransomware threats use phishing emails to distribute their malicious creations. Typically, the phishing email would contain a macro-laced attachment or a malicious link. Cybercriminals may also opt to use other propagation methods such as malicious ads, torrent trackers, fraudulent social media posts, bogus software updates, etc.

When the Felix Ransomware infects your PC, it will scan your files and begin the encryption process. Upon locking a file, the Felix Ransomware changes its name by appending a '.id-.[felix@countermail.com].felix' extension. For example, a file called 'marine-squad.mp3' will be renamed to 'marine-squad.mp3.id-.[felix@countermail.com].felix'.

The Ransom Note

In the next step of the attack, the Felix Ransomware drops a file that contains the message of its authors. The name of the file is 'FILES ENCRYPTED.txt'. Just like with most copies of the Dharma Ransomware, the Felix Ransomware's note is very brief. There is no mention of a ransom fee. The ransom message contains the user's unique victim ID. The creators of the threat demand to be contacted via email at 'felix@countermail.com'.

The note reads:

YOUR FILES ARE ENCRYPTED
Don't worry,you can return all your files!
If you want to restore them, follow this link:email felix@countermail.com YOUR ID -
If you have not been answered via the link within 12 hours, write to us by e-mail:felix@countermail.com
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

It is not advisable to contact cybercriminals. They are not honest individuals, and paying them does not guarantee that you will receive the decryptor you need to recover your files. You should consider investing in a legitimate, modern anti-malware utility that will remove the Felix Ransomware from your PC.
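
To gauge how far the encryption reached, the renamed-file extension and the ransom note name described above can be matched across a file tree. The following is an added example, not code from this page or from any vendor tool; the function names are hypothetical, and because the page does not show the victim ID format, the pattern accepts any value (including none) in that position.

```python
import os
import re
import sys

# Names from the page. The victim ID format is not given there, so the
# pattern accepts any bracket-free run (assumption), including an empty one.
NOTE_NAME = "FILES ENCRYPTED.txt"
LOCKED_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[^\[\]]*)"
    r"\.\[felix@countermail\.com\]\.felix$",
    re.IGNORECASE,
)

def classify(filename):
    """Return ('note', None), ('locked', original_name) or (None, None)."""
    if filename.lower() == NOTE_NAME.lower():
        return "note", None
    match = LOCKED_RE.match(filename)
    if match:
        return "locked", match.group("original")
    return None, None

def scan(root):
    """Walk root read-only and collect indicators plus per-directory counts."""
    report = {"locked": [], "notes": [], "by_dir": {}}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind, original = classify(name)
            full = os.path.join(dirpath, name)
            if kind == "note":
                report["notes"].append(full)
            elif kind == "locked":
                report["locked"].append((full, original))
                report["by_dir"][dirpath] = report["by_dir"].get(dirpath, 0) + 1
    return report

if __name__ == "__main__":
    if len(sys.argv) > 1:
        result = scan(sys.argv[1])
        print(len(result["locked"]), "locked,", len(result["notes"]), "note(s)")
        for directory, count in sorted(result["by_dir"].items()):
            print(f"{count:6d}  {directory}")
    else:  # constructed sample names; the ID value below is made up
        for n in ("marine-squad.mp3.id-.[felix@countermail.com].felix",
                  "report.docx.id-1A2B3C4D.[felix@countermail.com].felix",
                  "FILES ENCRYPTED.txt", "felix.txt"):
            print(n, "->", classify(n))
```

The scan only reads directory listings and never renames or opens files; the recovered original names give a list to check against backups.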
