When the FIXED Ransomware is executed on an infected machine, it will scan the files stored there and proceed to encrypt those that match its targeted file types. Typically, ransomware threats are capable of locking a wide range of files, including documents, photos, images, databases, archives and many more. Each file affected by the threat will have '.FIXED' appended to its name. It should be noted that certain aspects of FIXED Ransomware suggest that the threat could be still under development and that it has been released for testing purposes.
Victims of the FIXED Ransomware will be left with a ransom note displayed in a pop-up window. The message will be generated from a file named 'Info.hta.' According to the instructions, the attackers will only accept ransom payments made using the Bitcoin cryptocurrency. The hackers also state that they are willing to unlock 3 files to demonstrate their ability to restore all of the affected data. Unfortunately, this is not a feasible option for the victim, as the note doesn't mention any email address that can be used for communication. Instead, the hackers have left two placeholder names in the note - 'email@example.com' and 'firstname.lastname@example.org.'
The full text of FIXED Ransomware's message is:
'Don't worry, you can return all your files! All your files like documents, photos, databases and other important are encrypted What guarantees do we give to you? You can send 3 of your encrypted files and we decrypt it for free. You must follow these steps To decrypt your files : 1) Write on our e-mail :email@example.com ( In case of no answer in 24 hours check your spam folder or write us to this e-mail: firstname.lastname@example.org) 2) Obtain Bitcoin (You have to pay for decryption in Bitcoins. After payment we will send you the tool that will decrypt all your files.)'