Final Ransomware

The Final Ransomware was first observed in April 2017. The Final Ransomware seems to be based on the GX40 Ransomware, which is itself a modified version of Hidden Tear, an open source ransomware Trojan that has spawned countless ransomware variants since its first appearance. The Final Ransomware is being distributed by a hacking group based in Indonesia and is designed to attack computer users in English speaking regions. The Final Ransomware is especially effective in attacking computers with the Windows 10 and Windows 7 operating systems, in some cases also attacking Windows Vista users effectively. This is because the Final Ransomware seems to be designed to run on the Microsoft .NET Framework, which is installed by default on Windows 10 and present on most of these other operating systems.

The Fake Finality of the Final Ransomware

In most cases, the Final Ransomware is delivered to the victim in the form of a corrupted text document, which is attached to a spam email message. These corrupted files will use macro scripts to infect computers, downloading and executing the Final Ransomware while bypassing the infected computer's security protections. Because of its implementation, the Final Ransomware is unpacked and compiled on the infected computer, which allows it to bypass most anti-virus programs. After the Final Ransomware infects the victim's computer, the Final Ransomware contacts its Command and Control servers and carries out its attack, encrypting the victim's files by using a combination of the AES and RSA encryptions. While the Final Ransomware is carrying out its attack in the background, the infected computer will not reveal any symptoms, making it difficult to detect and stop the Final Ransomware before it finishes encrypting the victim's files.

How the Final Ransomware may Infect a Computer

The Final Ransomware targets a large variety of file types in its attack. Whenever the Final Ransomware encrypts a file, it will add the file extension '.encryption' to the end of the file name. The Final Ransomware will target hundreds of different files, ranging from file types used as data containers for media, images, texts, and documents, to files generated by specialized software such as Photoshop or AutoCAD. The Final Ransomware will avoid certain directories, such as Program Data and Windows, to ensure that the victim's computer remains functional enough to deliver a ransom note and carry out the ransom payment, extracting money from the victim (as opposed to making the computer completely unusable and lowering the probabilities of extracting money from the victim, the ultimate goal of the Final Ransomware attack). Apart from encrypting the victim's files, the Final Ransomware also will delete the Shadow Volume Copies, which can be used to recover the files in the event of an emergency. The Final Ransomware lets the victim know of the attack through the following ransom message:

'YOUR FILE HAS BEEN ENCRYPTED
All of your important files has been encrypted by Ransomware
Contact me to make payment and make sure to attach yor identifier
geekhax@amail.com
IDENTIFIER: [RANDOM CHARACTERS]
[TEXT BOX] '

Dealing with the Final Ransomware Infection

PC security researchers strongly advise computer users to avoid following the instructions in the Final Ransomware's ransom note. Computer users should refrain from paying the Final Ransomware ransom, and instead, use a reliable security program to delete the Final Ransomware infection itself and then using file backups to recover the affected files. Although it may not be viable to recover the files that have been made inaccessible by the Final Ransomware, file backups are an effective method to protect yourself from attacks like the Final Ransomware. Malware analysts advise using cloud storage or an offline storage device to back up all files. Having file backups allows computer users to ignore the Final Ransomware ransom demands since the con artists lose any advantage over the victim if the victim can simply restore the affected files from a backup copy.

SpyHunter Detects & Remove Final Ransomware