
Files Fixer Ransomware

After analyzing the Files Fixer Ransomware code, infosec researchers determined that the threat belongs to the Xorist malware family. Despite being a variant of an already discovered ransomware, the Files Fixer can still wreak havoc on any computer system it manages to infiltrate successfully.

By leveraging a potent cryptographic algorithm to encrypt the files stored on the compromised device, the Files Fixer Ransomware can lock users out of their own personal or work files. The hackers then demand a ransom in exchange for sending the victim the decryption key and software that could potentially restore the files. To make their message that much clearer, instead of using a simple extension for the encrypted files, as is usually the case, the Files Fixer Ransomware appends the following to the name of each file it has affected: '....FIXME-DAMAGEDFILES-NEED-TO-CONTACT-THE-EMAIL- URGENTLY-OR-YOUR-FILES-WILL-BE-PERMANENTLY-DELETED.' As for the ransom note, it is dropped in every folder containing encrypted data in the form of text files named 'HOW TO DECRYPT FILES.txt.'

The note itself provides little useful information for the victims of the Files Fixer Ransomware. It simply states that users who want to restore their files have to buy something that the cybercriminals have named FILES-FIXER-2017. No specifics about the amount of the ransom or if any cryptocurrencies have to be used for the transaction are mentioned. For further details, affected users are instructed to send a message to the 'service_windows@scryptmail.com' email address.

The full text of the Files Fixer Ransomware's note is:

'Problem with your Files ?

Don't worry!

Your Files Are Safe

You need to buy the FILES-FIXER-2017 frum us!!

Contact Email : service_windows@scryptmail.com

Subject PRIVATE-ID:'

More Details About Files Fixer

Computer viruses are becoming more prevalent. One reason for this is that anyone can create a trojan virus these days, even without any prior programming knowledge. There are benefits to having that knowledge, but it isn’t the same prerequisite it once was. The dark web is full of pre-packaged trojan kits such as Xorist Ransomware. Files Fixer manages to stand out within this large family because it does away with some of the norms of Xorist and adopts a unique approach.

Files Fixer ransomware works on most Windows environments, including Windows 10. The primary purpose of the virus is to encrypt files on the computer. It targets documents, images, videos, and other personal files on a computer and prevents users from accessing them. While it’s nothing new for ransomware to change the file extension of infected files, Files Fixer takes things a little further by changing it to a full sentence: 'FIXME-DAMAGEDFILES-NEED-TO-CONTACT-THE-EMAIL- URGENTLY-OR-YOUR-FILES-WILL-BE-PERMANENTLY-DELETED'. The ransom note refers to a file recovery service, which is named ‘Files Fixer 2017’ for some reason. The message doesn’t mention a price for decryption.

Security experts are quick to say the ransomware isn’t three years old, as the misnamed file implies. The virus wasn’t seen in the wild until December 2020, suggesting it isn’t even three weeks old at the time of writing, never mind three years. Xorist ransomware itself is older than three years, so there’s no telling if the "2017" signifies anything important, if anything at all.

What to do if Your Computer is Infected

Paying the ransom seems like a logical conclusion to many. If making one payment makes all the problems go away, then why not do it? Unfortunately, paying the ransom doesn’t mean that you will get the promised help. Malware experts recommend against paying ransom demands because there are no guarantees the attackers will deliver on their end of the bargain.

The first thing to do if your computer is infected is to check to see if public decryption tools exist. Security researchers are sometimes able to create decryption tools for ransomware by exploiting flaws in the code. There are many such public decryption tools for Xorist ransomware. If no public decryption key is available, then your best bet is restoring files from a backup.

Don’t forget to remove the virus before restoring data with a backup. The last thing you want is for your backup files to be infected too. Removing the virus won’t undo the damage, but it does prevent further problems.
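Before restoring, it helps to know exactly which folders and files were hit. The sketch below is an added example, not code from the original article or from any vendor tool: it walks a directory tree, matches the appended marker and the ransom note name described above, and produces the list of original file names to pull from backup. The function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Marker as printed in the article. The page shows a space after "EMAIL-", which
# may be a line-wrap artifact, so the pattern accepts the name with or without it.
SUFFIX = ("FIXME-DAMAGEDFILES-NEED-TO-CONTACT-THE-EMAIL-{}URGENTLY-"
          "OR-YOUR-FILES-WILL-BE-PERMANENTLY-DELETED")
MARKER = re.compile(r"^(?P<orig>.+?)\.*" + SUFFIX.format(r"\s?") + "$", re.I)
NOTE_NAME = "how to decrypt files.txt"  # compared case-insensitively


def scan(root):
    """Return {relative folder: {"encrypted": [(name, original)], "note": bool}}."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        entry = {"encrypted": [], "note": False}
        for name in sorted(files):
            m = MARKER.match(name)
            if m:
                entry["encrypted"].append((name, m.group("orig")))
            elif name.lower() == NOTE_NAME:
                entry["note"] = True
        if entry["encrypted"] or entry["note"]:
            report[os.path.relpath(folder, root).replace(os.sep, "/")] = entry
    return report


def restore_list(report):
    """Original relative paths to request from backup."""
    return sorted(f"{folder}/{orig}" for folder, e in report.items()
                  for _name, orig in e["encrypted"])


def build_sample_tree(root):
    """Constructed sample tree (empty files); not data from a real incident."""
    files = ["docs/report.docx...." + SUFFIX.format(" "),
             "docs/HOW TO DECRYPT FILES.txt",
             "pics/photo.jpg...." + SUFFIX.format(""),
             "pics/clean.png", "apps/readme.txt"]
    for rel in files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, e in scan(tmp).items():
            print(folder, "note" if e["note"] else "no note", len(e["encrypted"]))
```

A folder that holds renamed files but no note, like `pics` in the sample, is still reported, so the inventory does not depend on the note being present.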

How Does Files Fixer Ransomware Spread?

Malware like this has several ways to infect computers without users knowing. Hackers use tricks like spam emails and malicious software bundles to infect computers. As helpful as freeware and shareware programs can be, there is always the risk that they could hide viruses. Be sure to check the reviews and ratings for a program before installing it.

Torrent sites are another common infection point for computer viruses. People turn to file-sharing services and torrent sites to download cracked versions of paid software and games. Hackers take advantage of this by creating cracks that install malware rather than the intended program.

We recommend you be careful when using the internet. Download and use software from trusted sources, avoid torrenting websites and don’t open spam emails. Most antivirus and antimalware programs can find and block Xorist ransomware like Files Fixer automatically. Antivirus programs are your first line of defense against cyber threats like this.

The Files Fixer ransomware causes all sorts of problems, but you can keep your computer – and your files – safe against attack with some care and attention.
