What is Freefoam ransomware? And how does it wreak havoc?
Freefoam ransomware is a file-encrypting virus that appears to target Russian users. Further analysis shows that it also targets users in Ukraine, Belarus and other neighboring countries. Even so, users elsewhere are not safe from this malware, since it can spread anywhere over the internet. It was first discovered on July 27, 2017 and has since caused trouble for many users.
Freefoam ransomware is another infection based on the open-source HiddenTear project. It enters your computer through malicious spam emails. These emails contain malicious files that infiltrate your system and connect to a Command and Control server to carry out the attack. Freefoam uses two encryption algorithms, AES and RSA, to encrypt your files. Before encrypting, it scans your computer for the following file types:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2
After it finds its target files, it encrypts them and appends the .freefoam file extension, leaving them unreadable. Take note that this ransomware removes your files’ shadow volume copies, so you cannot use the Windows Previous Versions feature to recover your files. After the encryption, it drops its ransom note onto your computer in a file named MESSAGE.txt.
Here’s the full text of the ransom note, translated from Russian to English:
“You can ask for the cost of the decryption by writing a letter to the address: [email protected]
In the subject of the letter, write your ID: [RANDOM DIGITS]
Letters without an ID are ignored.
Please do not try to decrypt files with third-party tools.
You can ruin them completely and even the original decryptor will not help.
You can buy the decrypt by [DATE]
Submissions are processed by an automated system.”
As of now, the cyber crooks behind Freefoam ransomware have not been identified. It doesn’t help that they used ProtonMail and the Tor network to remain anonymous.
Keep in mind that no matter how desperate you are, you shouldn’t pay the sly criminals even a cent for there are other ways to get rid of this ransomware and recover your files.
How does this ransomware spread its infection?
This malware spreads through spam email campaigns disguised as messages related to VKontakte, the most popular social network in the region. Aside from spam emails, it was also determined that this ransomware is distributed through illegal software packs.
Eliminate Freefoam ransomware using the complete set of instructions below in order to continue using your computer safely. Keep in mind that malicious files and programs often spread in a bundle with other types of malicious infection.
Step 1: Open Windows Task Manager by pressing Ctrl + Shift + Esc at the same time.
Step 2: Go to the Processes tab and look for Freefoam ransomware’s process or any suspicious processes for that matter and then kill them.
Step 3: Open Control Panel by pressing the Windows key + R, then type in appwiz.cpl and then click OK or press Enter.
Step 4: Look for Freefoam Ransomware or any suspicious program and then Uninstall them.
Step 5: Hold down Windows + E keys simultaneously to open File Explorer.
Step 6: Go to the directories listed below and look for Freefoam’s malicious files and erase them, as well as any other suspicious files that have something to do with it.
Step 7: Look for the ransom note, MESSAGE.txt as well as other harmful files in your computer and delete them.
Step 9: Empty your Recycle Bin.
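Before deleting anything in the steps above, it helps to record what the ransomware left behind. The following is an added example, not part of the original guide: a read-only Python inventory of the two artifacts the guide names, files ending in .freefoam and MESSAGE.txt ransom notes. It assumes the extension is appended to the original file name (report.docx.freefoam), and the function name and report layout are illustrative.

```python
import os
import sys
from collections import Counter

ENCRYPTED_EXT = ".freefoam"   # extension the guide says is appended
RANSOM_NOTE = "message.txt"   # ransom note name from the guide, lower-cased


def scan_tree(root):
    """Walk root and inventory Freefoam artifacts without modifying anything."""
    by_original_ext = Counter()   # e.g. ".docx" -> number of encrypted files
    note_dirs = []                # directories that contain a ransom note
    mtimes = []                   # modification times of encrypted files

    # os.walk skips unreadable directories by default, so a locked
    # profile folder does not abort the inventory.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                note_dirs.append(dirpath)
            elif lower.endswith(ENCRYPTED_EXT):
                # Assumption: "report.docx.freefoam" was "report.docx".
                original = lower[: -len(ENCRYPTED_EXT)]
                ext = os.path.splitext(original)[1] or "(none)"
                by_original_ext[ext] += 1
                try:
                    mtimes.append(os.path.getmtime(os.path.join(dirpath, name)))
                except OSError:
                    pass  # file vanished or is unreadable; still counted

    # The oldest and newest timestamps bracket when encryption ran,
    # which is useful for an incident timeline.
    window = (min(mtimes), max(mtimes)) if mtimes else None
    return {
        "encrypted": sum(by_original_ext.values()),
        "by_original_ext": dict(by_original_ext),
        "note_dirs": sorted(note_dirs),
        "window": window,
    }


if __name__ == "__main__":
    report = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("encrypted files:", report["encrypted"])
    for ext, count in sorted(report["by_original_ext"].items()):
        print(f"  {ext}: {count}")
    print("ransom notes in:", *report["note_dirs"], sep="\n  ")
    print("encryption window (epoch seconds):", report["window"])
```

Run it against a user profile or a mounted copy of the disk and keep the output with your backups, so you know which files need restoring.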
Follow the continued advanced steps below to ensure the removal of the Freefoam Ransomware:
Perform a full system scan using SpyRemover Pro.
- Turn on your computer. If it’s already on, you have to reboot.
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, press F8 repeatedly until the Advanced Option shows up.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load the Safe Mode with Networking.
- Press and hold both the R key and the Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
A single space must be in between explorer and http. Click OK.
- A dialog box will be displayed by Internet Explorer. Click Run to begin downloading SpyRemover Pro. Installation will start automatically once download is done.
- Click OK to launch SpyRemover Pro.
- Run SpyRemover Pro and perform a full system scan.
- After all the infections are identified, click REMOVE ALL.
- Register SpyRemover Pro to protect your computer from future threats.