
Fenrir Ransomware

By GoldSparrow in Ransomware

The Fenrir Ransomware is an encryption ransomware Trojan. It is used to force computer users to pay large ransoms by encrypting their files with a strong encryption algorithm. The Fenrir Ransomware is often delivered as a fake version of Adobe software. In most cases, infections occur after the victim opens an infected file delivered through spam email messages. These files may use malicious macro scripts to download and install the Fenrir Ransomware onto the victim's computer.

Is the Fenrir Ransomware Fathered by Loki as in Norse Mythology?

During its attack, the Fenrir Ransomware will encrypt dozens of different file types, connecting to its Command and Control servers to receive instructions and relay information about the attack to its controllers. The Fenrir Ransomware uses the RSA and AES encryption algorithms to make the victim's files inaccessible. The Fenrir Ransomware may connect to some of the following servers:


The Fenrir Ransomware attack does not differ much from the many other encryption ransomware Trojans that are currently active. The Fenrir Ransomware scans the victim's drives for files matching its list of targeted file types and deletes the Shadow Volume Copies of these files in the process. It then encrypts the victim's files, making them inaccessible, and demands payment of a sum so that its operators can profit from the attack.

How Con Artists Use the Fenrir Ransomware to Generate a Profit

The main way con artists may profit from ransomware like the Fenrir Ransomware is by demanding a ransom payment from the victim. To do this, the Fenrir Ransomware delivers an RTF file to the victim's computer. This file, named 'ransom.rtf,' displays the following message after the victim's files have been encrypted:

'ALL YOUR FILES HAVE BEEN LOCKED
(Q) HOW TO RESCOVER MY FILES?
(A) Sending to me the amount of 150$ dollars in bitcoin for my bitcoin ID after the payment has been made send the transaction ID and your personal ID to my email and then i will send you the unlocker.
MY BITCOIN ID: 19SVnn5cjTewmgzE5v9gVXn4mzxFQMT5Wo
MY EMAIL: whiterabbit01@mailinator.com
YOUR PERSONAL ID: [TOP RIGHT CORNER OF THE WINDOW]
(Q) WHAT IS IT?
(A) h[tt]ps://en.wikipedia.org/wiki/Ransomware
(Q) WHAT IS BITCOIN?
(A) https://en.wikipedia.org/wiki/Bitcoin
(Q) WHERE TO BUY BITCOIN?
(A) h[tt]ps://localbitcoins.com/'
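For responders scoping which folders were touched, the added example below (not part of the original write-up or of any vendor tool) walks a directory tree for files named 'ransom.rtf' and confirms each one against phrases from the note quoted above, so that an unrelated file with the same name is reported separately. It assumes the note is stored as ordinary RTF with those phrases in plain text; the function names and the sample files are constructed for illustration.

```python
import os
import re
import tempfile

NOTE_NAME = "ransom.rtf"  # file name given in the write-up
# Phrases copied from the note text quoted above
MARKERS = ("ALL YOUR FILES HAVE BEEN LOCKED", "YOUR PERSONAL ID")
MAX_BYTES = 1 << 20  # read at most 1 MiB per candidate file

def rtf_to_text(raw: bytes) -> str:
    """Flatten RTF to upper-case text (a rough strip, not a full RTF parser)."""
    s = raw.decode("latin-1")
    s = re.sub(r"\\'[0-9a-fA-F]{2}", " ", s)   # \'hh hex escapes
    s = re.sub(r"\\[A-Za-z]+-?\d* ?", " ", s)  # control words such as \par, \fs24
    s = re.sub(r"[{}\\]", " ", s)              # group braces, stray backslashes
    return re.sub(r"\s+", " ", s).upper()

def scan(root: str) -> dict:
    """Map each file named ransom.rtf under root to 'note' or 'name-only'."""
    verdicts = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != NOTE_NAME:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    text = rtf_to_text(fh.read(MAX_BYTES))
            except OSError:
                continue  # unreadable file: skipped, not classified
            hit = all(m in text for m in MARKERS)
            verdicts[os.path.relpath(path, root)] = "note" if hit else "name-only"
    return verdicts

def demo() -> dict:
    """Scan a constructed sample tree: one note, one benign same-named file."""
    note = (rb"{\rtf1\ansi{\fonttbl{\f0 Arial;}}\f0\fs24 ALL YOUR FILES HAVE"
            rb"\par BEEN LOCKED\par YOUR PERSONAL ID: [TOP RIGHT CORNER]\par}")
    benign = rb"{\rtf1\ansi Tabletop exercise notes\par}"
    with tempfile.TemporaryDirectory() as root:
        for sub, data in (("docs", note), ("training", benign)):
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, NOTE_NAME), "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

Directories reported as 'note' mark where encryption ran and where restoring from backup should be checked once the infection has been removed.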

Dealing with the Fenrir Ransomware

Although the ransom amount the Fenrir Ransomware demands is smaller than that of other ransomware Trojans that are currently active, PC security analysts strongly advise computer users to refrain from paying this amount. Paying these ransoms allows con artists to continue creating and developing threats like the Fenrir Ransomware. Apart from this, the con artists may ignore the ransom payments, and it is extremely rare that the victim's files will be restored fully to their former state after an encryption ransomware attack. Victims also will be targeted for additional hoaxes, reinfection and other threats.

Rather than paying the Fenrir Ransomware ransom, therefore, computer users should take preventive measures. There are several steps computer users can take to ensure that their files are protected from attacks like the Fenrir Ransomware:

  1. The best protection against all ransomware Trojans like the Fenrir Ransomware is to have file backups. Having backup copies of your files will make you invulnerable to attacks like the Fenrir Ransomware since the people responsible for the attack will lose any leverage that would allow them to demand a ransom payment from the victim.
  2. A reliable security program that is fully up-to-date can be used to intercept many infections, including the Fenrir Ransomware. This also will be necessary to remove the Fenrir Ransomware infection itself before restoring any of the affected files from a backup copy.
  3. Since the Fenrir Ransomware and other ransomware Trojans may be delivered using spam email messages, learning how to spot and deal with these tactics is an essential part of dealing with these threats.
