FriedEx Ransomware

By GoldSparrow in Ransomware

The FriedEx Ransomware is a ransomware Trojan that has received considerable media attention because it appears to have been released by the creators of Dridex, an infamous banking Trojan responsible for numerous high-profile attacks on computer users and businesses. Dridex has been around since 2014 and has evolved into one of the most sophisticated banking Trojans currently active; at some points, the people responsible for it updated it weekly. Today, Dridex is at version 4.80 and incorporates some of the most advanced techniques used by threats of this kind. This connection with Dridex is why the FriedEx Ransomware has caught the attention of PC security researchers. If the same development effort and resources go into the FriedEx Ransomware, it is not far-fetched to imagine this encryption ransomware Trojan evolving into something much scarier than its current form.

The Funny Name of a Real Pest

PC security researchers began reporting extensively on the FriedEx Ransomware on January 26, 2018, when it was uncovered that the same programmers responsible for Dridex had released it. The FriedEx Ransomware seems to be a variant of the Bitpaymer Ransomware, a Trojan that was released in July 2017 and used in attacks on computer users around the world. A study of the libraries used by the FriedEx Ransomware shows that it shares many elements with Dridex. The FriedEx Ransomware is delivered to victims through sophisticated phishing email messages, as well as by breaking into targeted computers through unsecured Remote Desktop Protocol connections and other possible vulnerabilities. The FriedEx Ransomware demands a very large ransom, 50 Bitcoins, which is more than half a million dollars at the current exchange rate.

How the FriedEx Ransomware Carries out Its Attack

Once installed, the FriedEx Ransomware uses various obfuscation methods to prevent security software from detecting and removing it. It uses a strong encryption method to make the victim's files inaccessible, targeting user-generated files, which may include images, videos, sound files, and numerous document types. The FriedEx Ransomware marks each file it encrypts with the file extension '.locked', which is added to the end of the affected file's name. The FriedEx Ransomware is capable of attacking computers running the Windows operating system, including the latest versions of this operating system.

The FriedEx Ransomware’s Ransom Demand

After the FriedEx Ransomware has encrypted the victim's files, it delivers its ransom note as a text file named '_readme.txt', which is placed on the infected computer's desktop. The full text of the FriedEx Ransomware ransom note is:

'YOUR COMPANY HAS BEEN SUCCESSFULLY PENETRATED!
DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT TOUCH this file.
All files are encrypted, we accept only bitcoins to share the decryption software for your network.
Also, we have gathered all your private sensitive data.So if you decide not to pay anytime soon, we would share it with media's.
It may harm your business reputation and the company's capitalization fell sharply.
Do not try to do it with 3rd-parties programs, files might be damaged then.
Decrypting of your files is only possible with the special decryption software.
To receive your private key and the decryption software please follow the link (using tor2web service):
h[tt]ps://qmnmrba4s4a3py6z.onion[.]to/order/***
If this address is not available, follow these steps:
1. Download and install Tor Browser: h[tt]ps://www.torproject[.]org/projects/torbrowser.html.en
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: h[tt]ps://gmnmrba4s4a3py6z[.]onion/order/***
4. Follow the instructions on the site
5. This link is valid for 72 hours only. Afetr that period your local data would be lost completely.
6. Any questions: 15010050@tutamail.com
KEY:[RANDOM CHARACTERS]'

It is important to take preemptive measures to ensure that your computer is protected from ransomware threats like the FriedEx Ransomware.
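
An added example, not part of the original entry: a Python triage check that walks a directory tree for the two indicators described above, files ending in '.locked' and a '_readme.txt' note whose text contains phrases from the quoted ransom note. The function names, the choice of marker phrases and the two-phrase threshold are assumptions of this example, and the sample tree is constructed.

```python
import os
import tempfile
from pathlib import Path

# Indicators stated in the article: appended extension and ransom-note file name.
LOCKED_EXT, NOTE_NAME = ".locked", "_readme.txt"
# Phrases copied from the quoted ransom note, lower-cased for matching.
NOTE_MARKERS = ("your company has been successfully penetrated",
                "we accept only bitcoins", "using tor2web service")

def note_score(path, max_bytes=65536):
    """Count note phrases in a file (NULs dropped so UTF-16 matches); 0 if unreadable."""
    try:
        with open(path, "rb") as fh:
            raw = fh.read(max_bytes).replace(b"\x00", b"")
    except OSError:
        return 0
    text = raw.decode("utf-8", errors="ignore").lower()
    return sum(marker in text for marker in NOTE_MARKERS)

def triage(root, min_markers=2):
    """Return ({directory: number of '.locked' files}, [paths of matching notes])."""
    locked, notes = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(LOCKED_EXT):
                locked[dirpath] = locked.get(dirpath, 0) + 1
            elif name.lower() == NOTE_NAME and note_score(full) >= min_markers:
                notes.append(full)
    return locked, notes

def build_sample(root):
    """Write a constructed test tree under root and return root."""
    note = "YOUR COMPANY HAS BEEN SUCCESSFULLY PENETRATED!\nwe accept only bitcoins\n"
    layout = {
        "Documents/report.docx.locked": b"\x00" * 16,
        "Documents/photo.jpg.locked": b"\x00" * 16,
        "Desktop/_readme.txt": note.encode("utf-16-le"),   # note saved as UTF-16
        "Tools/_readme.txt": b"Install notes for an unrelated tool.\n",  # benign
    }
    for rel, data in layout.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(build_sample(tmp)))
```

The note's file name alone is generic, so the check reads the file's content and leaves the unrelated '_readme.txt' in the sample tree unreported.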

File System Details

FriedEx Ransomware may create the following file(s):
#    File Name    MD5                                 Detections
1.   name.exe     c3a1163f5c903898793c93edf4427b5a    0
