Do you know what Freezing Ransomware is?
It looks like cybercriminals are developing a new ransomware application called Freezing Ransomware. Our computer security specialists came across a sample of its test version. It seems to be capable of encrypting a lot of different file types already. However, it does not drop a ransom note, which is what such threats usually do. Thus, we do not think it is being distributed yet. In any case, in this article, we wish to discuss how the malicious application could be spread and what its capabilities might be. If you are interested and want to know more, we encourage you to read our full article. If you have a look at our removal guide, you can find out how it might be possible to erase the current version of Freezing Ransomware manually. Needless to say, it might be easier and safer to employ reputable antimalware tools when dealing with such threats.
The rest of the article provides more details about Freezing Ransomware. The first thing we wish to discuss is how this malicious application could be distributed. The reason we do not believe it is being spread yet is that there are signs suggesting it is not finished. If the threat gets fully developed, there are a few ways the hackers behind it could spread it. For example, its launcher could be disguised as some harmless file like a text document and sent to targeted victims via email.
To avoid receiving malware via email, users should be careful with spam emails, messages from unknown senders, and emails carrying files they did not expect to get. The other way the malware could be spread is through unreliable file-sharing websites. In such a case, the threat could be bundled with other software, or its installer could be made to look like an installer of some reputable application, update, and so on. Consequently, we recommend keeping away from file-sharing sites that offer pirated tools, torrents, unknown freeware, etc. Also, as an extra precaution, you could scan suspicious data received or downloaded from the Internet with a reputable antimalware tool if you are not sure it is safe.
Judging by the sample we were able to test, the current version of Freezing Ransomware starts encrypting targeted files as soon as it enters a system. Our researchers say the malware can encrypt all file types except those with the following extensions: .exe, .dll, .iso. Also, our sample targeted only files located in the following directories: %USERPROFILE%, %TEMP%, %APPDATA%, %LOCALAPPDATA%. Each affected file got marked with the .FreezedByWizard extension, for example, picture.jpg.FreezedByWizard. Normally, such threats drop a ransom note demanding payment for decryption tools soon after they finish encrypting files. Since this could be only a test version, its creators probably thought there was no point in displaying a ransom note.
Naturally, if the malicious application gets finished, victims who receive it could be presented with ransom notes asking them to pay for decryption or to contact the threat’s developers. We advise against it if you do not want to risk losing your money in vain. Such a thing is always possible, as hackers cannot give any guarantees that the promised tool will be delivered. Thus, we often recommend deleting threats like Freezing Ransomware, and if you take a look at the removal guide available below, you can see how such a malicious application could be erased manually.
Erase Freezing Ransomware
- Press Ctrl+Alt+Delete.
- Pick Task Manager and check the Processes tab.
- Locate a process belonging to the malware.
- Choose the process and click End Task.
- Exit Task Manager.
- Press Windows Key+E.
- Navigate to the suggested paths:
%TEMP%
%USERPROFILE%\Desktop
%USERPROFILE%\Downloads
- Find a file opened when the device got infected, right-click the malicious file, and select Delete.
- Exit File Explorer.
- Empty the Recycle Bin.
- Restart the computer.
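A triage sketch for the behaviour and removal steps described above, added here as an example and not taken from the analysed sample or any vendor tool: it inventories files carrying the .FreezedByWizard marker in the four targeted directories, then lists unmarked files in the removal guide's folders that changed shortly before the first file was encrypted. The 15-minute window and all function names are assumptions.

```python
import os
from collections import Counter
from pathlib import Path

MARKER = ".freezedbywizard"   # marker extension from the article, lower-cased
TARGET_VARS = ("USERPROFILE", "TEMP", "APPDATA", "LOCALAPPDATA")

def env_dirs(names, env=os.environ):
    """Resolve environment-variable names to directories that exist."""
    return [Path(env[n]) for n in names if env.get(n) and Path(env[n]).is_dir()]

def find_marked(roots):
    """Map each marked file (resolved path) to its modification time."""
    hits = {}   # keyed on resolved path: %TEMP% usually sits inside %USERPROFILE%
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower().endswith(MARKER):
                    path = Path(dirpath, name)
                    try:
                        hits[path.resolve()] = path.stat().st_mtime
                    except OSError:   # locked or vanished file: skip it
                        continue
    return hits

def summarize(hits):
    """Count affected files per original extension; find the earliest one."""
    by_type = Counter(Path(p.stem).suffix.lower() for p in hits)
    first = min(hits.values()) if hits else None
    return {"total": len(hits), "by_type": dict(by_type), "first_seen": first}

def launcher_candidates(drop_dirs, first_seen, window=900):
    """Unmarked files changed within `window` seconds before encryption began.
    Heuristic (an assumption, not from the article) for spotting the launcher."""
    found = []
    for d in drop_dirs:
        for p in Path(d).iterdir():
            if p.is_file() and not p.name.lower().endswith(MARKER):
                if first_seen - window <= p.stat().st_mtime <= first_seen:
                    found.append(p)
    return sorted(found)

if __name__ == "__main__":
    report = summarize(find_marked(env_dirs(TARGET_VARS)))
    print(report)
    home = Path(os.environ.get("USERPROFILE", ""))
    drops = [d for d in env_dirs(["TEMP"]) + [home / "Desktop", home / "Downloads"] if d.is_dir()]
    if report["first_seen"] is not None:
        print("review:", launcher_candidates(drops, report["first_seen"]))
```

The candidate list only narrows down what to inspect; confirm a file with an antimalware scan before deleting it.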
In non-techie terms:
Freezing Ransomware seems to be a test version of a ransomware application capable of encrypting a large number of different file types. The variant we came across enciphers files that are located in only a few directories. Also, our computer security specialists noticed that it does not drop or display a ransom note, which is odd because most such threats are created for money extortion. Nonetheless, the things the threat seems to be missing could be added, and the limitations it has now could be removed, in the future. In truth, it might be just a question of time. However, if the malicious application gets updated and released, its name will likely be replaced. A new title might ensure that a victim will not find information about the infection he encountered. The reason a user could be in a hurry to find information about a threat is that it could show a ransom note claiming he has a limited time offer. Usually, hackers promise to send decryption tools that might be needed to restore encrypted files if a user pays a particular sum within a given time frame. Know that it is inadvisable to put up with any demands, as there is always a risk you could get scammed.