The FireCrypt ransomware is a dangerous new malware threat that can carry out DDoS attacks against predefined targets. To learn more about the virus, continue reading our article.
About The FireCrypt Ransomware
The FireCrypt ransomware is a new malware which has been identified as very dangerous. The security analysis shows that it is related to the Deadly for a Good Purpose Ransomware, which was initially discovered in October 2016.
FireCrypt ransomware is an advanced malware building tool which is used to create customized strains for various live attacks. Its creator is the malware developer known as BleedGreen.
An advanced level of customization is available. Depending on the strain, it may feature one of the following options: startup entry persistence, killing of the taskmgr system process, an AES-256 encryption module, built-in DDoS capability, disk space utilization and enhanced customization.
The default predefined list contains 20 file types:
.txt, .jpg, .png, .doc, .docx, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .htm, .csx, .psd, .aep, .mp3, .pdf, .torrent
The affected data receives the .filecrypt extension. An example ransom note is the following:
Key Will Be Destroyed On:
1/7/2017
Your Files Are Encrypted:
1758 files encrypted securely.
USER ID: User-io5zHC•zvL – Encryption Used: AES-256
Your files have been safely encrypted on this PC: photos, videos, documents, etc. Click “Encrypted Files” link to view a complete list of encrypted files. and you can personally verify this. Encryption was produced using a unique public key AES-256 generated for this computer. To decrypt files you need to obtain the private key. The only copy of the private key, which will allow you to decrypt your files. is located on a secret server on the Internet: the server will eliminate the key after a time period specified in this window. Once this has been done. nobody will ever be able to restore files… In order to decrypt the files you will need to send $500 USD in form of BTC to the following bitcoin address:
1H91foPIcEGFqurFdq5zek4frCshzPZbq9V (How to buy Bitcoins?)
After payment contact [email protected] with your transaction details and “USER 11)”. Once the payment is confirmed you will recieve decryption key along with decryption software. Any attempt to remove or corrupt this software will result in immediate elimination of the private key by the server. Beware.
Encrypted Files
The FireCrypt ransomware includes a DDoS tool that launches a download request to predefined remote servers. This means that if enough computer hosts get infected with the virus, a DDoS attack can be initiated as part of the virus’s infection process.
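An added example, not part of the original article: using the default file-type list and the .filecrypt extension given above, this Python script scopes an affected directory by listing files that already carry the extension and files of the targeted types that do not. It assumes the extension is appended to the original file name; the sample tree it builds is constructed.

```python
import os
import tempfile
from collections import Counter

# The 20 default target extensions and the marker extension, as listed in the article.
TARGET_EXTS = {".txt", ".jpg", ".png", ".doc", ".docx", ".csv", ".sql", ".mdb",
               ".sln", ".php", ".asp", ".aspx", ".html", ".htm", ".csx", ".psd",
               ".aep", ".mp3", ".pdf", ".torrent"}
MARKER = ".filecrypt"

def triage(root):
    """Walk root and split files into already-marked and still-at-risk sets."""
    encrypted, at_risk, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            stem, ext = os.path.splitext(name.lower())
            if ext == MARKER:
                encrypted.append(path)
                # Assumption: the marker is appended to the original name,
                # so the inner extension reveals the original file type.
                inner = os.path.splitext(stem)[1]
                by_type[inner if inner in TARGET_EXTS else "(unknown)"] += 1
            elif ext in TARGET_EXTS:
                at_risk.append(path)
    return {"encrypted": sorted(encrypted), "at_risk": sorted(at_risk),
            "encrypted_by_type": dict(by_type)}

def build_sample_tree(root):
    """Create a constructed sample tree (empty files) for demonstration."""
    names = ["docs/report.docx.filecrypt", "docs/notes.txt.filecrypt",
             "docs/budget.csv", "media/song.mp3", "media/clip.mkv",
             "odd/blob.filecrypt", "docs/UPPER.PDF.FILECRYPT"]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), "marked files:", result["encrypted_by_type"])
        print(len(result["at_risk"]), "target-type files not yet marked")
```

Run it read-only against a mounted image or backup copy of the affected volume, so that the scan itself does not alter timestamps on the evidence.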
How Does The FireCrypt Ransomware Infect Computers
The FireCrypt ransomware is a polymorphic type of virus which features basic stealth protection.
The main infection method that is used by the virus relies on sending phishing emails to the computer targets.
Other sources include malicious ads, hijackers and other related computer threats.
How To Remove The FireCrypt Ransomware and Recover Affected Files
You can use a trusted anti-spyware solution to remove active infections and protect your computer.