FrozrLock Ransomware

By GoldSparrow in Ransomware

The FrozrLock Ransomware is a Ransomware-as-a-Service (RaaS) provider that is being advertised on the Dark Web. The FrozrLock Ransomware is being sold for $220 and marketed with the message 'great security tool that encrypts most of your files in several minutes.' The first vestiges of the FrozrLock Ransomware have been traced back to Russia, delivered through corrupted Java scripts. PC security researchers have been following the development of the FrozrLock Ransomware for some time, but its home page and name were uncovered only recently.

Some Features of the FrozrLock Ransomware

The following features have been associated with the FrozrLock Ransomware:

  • The FrozrLock Ransomware is coded in C# and is multi-threaded.
  • The FrozrLock Ransomware supports .NET > 4.5.
  • The FrozrLock Ransomware loader is deleted automatically after the infection is completed.
  • The FrozrLock Ransomware does not change the file extensions of the encrypted files.
  • The FrozrLock Ransomware will delete itself from the infected computer after the victim pays the ransom.
  • The FrozrLock Ransomware is obfuscated and available for download, to be managed using a panel based on TOR.
  • The FrozrLock Ransomware can be rebuilt as many times as necessary by the people controlling it.
  • The FrozrLock Ransomware uses unique keys for each encrypted file.
  • The FrozrLock Ransomware can implement different encryption methods, including Twofish256, AES256 and RSA4096.

People wanting to use the FrozrLock Ransomware have to register for an account and pay 0.14 BitCoin (approximately $220 USD at the current exchange rate) for access to this ransomware Trojan.

How the FrozrLock Ransomware Carries out Its Attack

The people who pay for the FrozrLock Ransomware service can use this Trojan to encrypt the victim's files and then demand a ransom from the victim. The FrozrLock Ransomware comes with a decryptor that can be set to operate manually or automatically after payment is carried out. The following are file extensions that may be targeted during the FrozrLock Ransomware attack:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The files that have been encoded by the FrozrLock Ransomware will not have their names altered but will appear as blank icons with no thumbnail image on Windows Explorer. The FrozrLock Ransomware displays its ransom note in a program window and in a text file named 'READ_ME.txt,' both of which contain the following ransom message:

'Hello, stay calm because all your files can be decrypted again we just need your contribution and you can have access to all your files today.
The process for you to have all your files that have been encrypted again is totally automatic and the payment of your contribution must be done in Bitcoins.
If you do not know Bitcoin you just type in google how to buy Bitcoins in your country or visit the address h[tt]p://localbitcoins.com and you can buy Bitcoins to be able to pay the contribution and have access to all your files again.
The only way to get your files back is to pay our contribution in case you try to erase our systems with some antivirus or somehow your files will be lost forever and no one else will be able to decrypt since they are encrypted with a cryptography of 512 Bits and only our automatic system when detecting payment can decrypt your files.
To get your files back you just need to get the value and payment address on this website [LINK]'

Dealing with a FrozrLock Ransomware Infection

Victims are advised to refrain from paying the FrozrLock Ransomware ransom. Instead, they should remove the FrozrLock Ransomware with a reliable security program and replace the affected files with backup copies.
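
Because the FrozrLock Ransomware leaves file names and extensions unchanged, the files that need to be restored from backup cannot be found by extension alone. The following triage script is an added example, not part of the original article or of any vendor tool: it flags files whose leading bytes no longer match the standard signature for their extension and looks for the 'READ_ME.txt' note. The signature table covers only some of the listed extensions, and the entropy cut-off and function names are assumptions.

```python
import math
import os
from collections import Counter

# Standard leading signatures for some of the extensions the article lists.
MAGIC = {
    ".pdf": (b"%PDF-",), ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF8",),
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".zip": (b"PK",), ".docx": (b"PK",), ".xlsx": (b"PK",), ".pptx": (b"PK",),
    ".7z": (b"7z\xbc\xaf\x27\x1c",), ".rar": (b"Rar!",), ".gz": (b"\x1f\x8b",),
}
NOTE_NAME = "READ_ME.txt"   # ransom note file name given in the article
ENTROPY_CUTOFF = 7.0        # assumed threshold, bits per byte

def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path, sample=4096):
    """Return 'intact', 'likely_encrypted', 'header_mismatch' or 'unknown'."""
    sigs = MAGIC.get(os.path.splitext(path)[1].lower())
    if sigs is None:
        return "unknown"            # no signature on record for this type
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if head.startswith(sigs):
        return "intact"
    # Short files cannot reach the cut-off (max entropy is log2(length)),
    # so they are reported as a plain mismatch for manual review.
    encrypted = shannon_entropy(head) >= ENTROPY_CUTOFF
    return "likely_encrypted" if encrypted else "header_mismatch"

def scan(root):
    """Walk root and group files by verdict; also list ransom notes found."""
    report = {"notes": [], "likely_encrypted": [], "header_mismatch": []}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME.lower():
                report["notes"].append(path)
                continue
            try:
                verdict = classify(path)
            except OSError:
                continue            # unreadable file: skip, keep scanning
            if verdict in report:
                report[verdict].append(path)
    return report
```

Run scan() against a read-only mount or image of the affected volume; a header mismatch is a heuristic and should be confirmed before a file is overwritten from backup.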

File System Details

FrozrLock Ransomware may create the following file(s):
#   File Name   MD5                                Detections
1.  file.exe    25abae5e16daf9795952e0195f7c7f7b   0
