Fenrir Ransomware Virus – An Emerging Threat Across the Globe

Written By Chirag Arora
Approved By Anuraag Singh
Published On July 14th, 2017
Reading Time 5 Minutes
Name: FENRIR
Type: Ransomware
Level of Danger: Very High
Symptoms: Very few notification pop-ups appear on the screen before the files are encrypted
Distribution Methods: Circulated by fake ads, system requests, spam mails and infected web pages
Detection Tool: Any strong antivirus removal program
Data Recovery Tool: Not available

Fenrir Ransomware Virus – Quick Glance

Fenrir Ransomware is a program that can be classified as a file-encoder Trojan. Checkpoint researchers and other computer security observers have noticed Fenrir Ransomware on the machines of regular PC users in the Western Hemisphere. It appears to target English-speaking users and runs as a fake instance of Adobe Acrobat Reader on the local system.

Reports from users narrate that the payload for the threat was sent to them as an attachment to spam mails. Computer security experts warn that macro-enabled documents were used to install Fenrir Ransomware on the targeted machines. The macro scripts were executed on Windows with administrative privileges, and in this way the ransomware spread to all the machines served by the same server. Fenrir Ransomware is also known for combining the RSA algorithm with the AES cipher. It sends decryption information to servers hosted on the sites listed below:

  • gateway00.000webhostapp.com
  • 000300.000webhostapp.com
  • 00004563.000webhostapp.com
  • 000webhostapp.com
  • a00843873434.000webhostapp.com
  • owa2378office365migration159.000webhostapp.com
  • ithelpdeskportal.000webhostapp.com
  • wwwww123web.000webhostapp.com
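As an added detection example (not code from the original article), the hostnames listed above can be matched against proxy or DNS logs to spot machines that have contacted the Fenrir infrastructure. The log lines and their column layout (timestamp, client IP, method, URL, status) are constructed for this example. Note that the list includes the bare parent domain 000webhostapp.com, which is a shared free-hosting zone, so a hit on some other name under that zone is lower confidence than an exact match and is reported separately:

```python
import re
from typing import Dict, List

# Indicator hostnames exactly as listed in the write-up above.
FENRIR_HOSTS = {
    "gateway00.000webhostapp.com",
    "000300.000webhostapp.com",
    "00004563.000webhostapp.com",
    "000webhostapp.com",
    "a00843873434.000webhostapp.com",
    "owa2378office365migration159.000webhostapp.com",
    "ithelpdeskportal.000webhostapp.com",
    "wwwww123web.000webhostapp.com",
}

# Constructed sample proxy log (assumed layout: timestamp client method url status).
SAMPLE_PROXY_LOG = """\
2017-07-14T09:12:01Z 10.0.0.15 GET http://ithelpdeskportal.000webhostapp.com/gate.php 200
2017-07-14T09:12:05Z 10.0.0.15 GET https://www.example.com/index.html 200
2017-07-14T09:13:44Z 10.0.0.22 POST http://00004563.000webhostapp.com/upload 200
2017-07-14T09:14:10Z 10.0.0.22 GET http://somebody-else.000webhostapp.com/blog 200
2017-07-14T09:15:00Z 10.0.0.31 GET http://cdn.example.org/asset.js 304
"""

# Pull the hostname out of a URL without a full URL parser.
URL_HOST_RE = re.compile(r"^[a-z]+://([^/:]+)")


def classify_host(host: str) -> str:
    """'exact' for a listed hostname, 'zone' for any other name under the
    shared 000webhostapp.com zone, '' for anything else."""
    host = host.lower().rstrip(".")
    if host in FENRIR_HOSTS:
        return "exact"
    if host.endswith(".000webhostapp.com"):
        return "zone"
    return ""


def scan_proxy_log(text: str) -> List[Dict[str, str]]:
    """Return one record per log line whose destination host is an indicator."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # not a well-formed line for the assumed layout
        ts, client, _method, url, _status = parts[:5]
        m = URL_HOST_RE.match(url)
        if not m:
            continue
        host = m.group(1)
        verdict = classify_host(host)
        if verdict:
            hits.append({"time": ts, "client": client, "host": host, "match": verdict})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{hit['time']} {hit['client']} -> {hit['host']} ({hit['match']})")
```

Exact matches are worth an immediate look at the client; zone matches should be triaged against what else that client did around the same time.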

Fenrir Ransomware is programmed to scan the infected device for connected data storage and build a list of all files that are suitable for encryption. It then encodes the data with a customized AES-256 cryptographic algorithm and appends a unique hexadecimal string after the original file extension. For instance, PQRS.jpeg is renamed to "PQRS.jpeg 1BC23D4EF5". Afterward, no image viewer is able to render the encrypted picture.
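The renaming scheme described above is itself a usable indicator: a burst of files whose names end in the original extension followed by a space and a hex string points at an encryption run in progress or already finished. The following scanner is an added example, not code from the article, and it assumes a tag of at least 8 hex digits (the page's example has 10 but does not state the length). The directory tree it scans is constructed in a temporary folder, not real victim data:

```python
import os
import re
import tempfile
from collections import Counter
from typing import Dict, List, Tuple

# Assumed pattern "<name>.<ext> <hex tag>", matching the page's PQRS.jpeg -> "PQRS.jpeg 1BC23D4EF5".
# The minimum of 8 hex digits is an assumption made for this example.
RENAMED_RE = re.compile(r"^(?P<orig>.+\.[A-Za-z0-9]{1,5}) (?P<tag>[0-9A-Fa-f]{8,})$")


def looks_renamed(filename: str) -> bool:
    """True when a bare filename has the Fenrir-style '<ext> <hex>' suffix."""
    return RENAMED_RE.match(filename) is not None


def scan_tree(root: str) -> List[Tuple[str, str, str]]:
    """Walk root and return (path, original name, hex tag) for every matching file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            m = RENAMED_RE.match(name)
            if m:
                hits.append((os.path.join(dirpath, name), m.group("orig"), m.group("tag")))
    return hits


def summarize(hits: List[Tuple[str, str, str]]) -> Dict[str, int]:
    """Count matches per original extension; many extensions hit at once is the signal."""
    return dict(Counter(os.path.splitext(orig)[1].lower() for _path, orig, _tag in hits))


def build_sample_tree() -> str:
    """Constructed sample tree mixing renamed-looking files with ordinary ones."""
    root = tempfile.mkdtemp(prefix="fenrir_demo_")
    sample = {
        "PQRS.jpeg 1BC23D4EF5": b"\x00" * 16,
        "report.docx A1B2C3D4E5": b"\x00" * 16,
        "budget.xlsx 0123456789": b"\x00" * 16,
        "photo.jpeg": b"\xff\xd8\xff",          # untouched JPEG header
        "notes.txt": b"plain text",
        "ransom.rtf": b"{\\rtf1 ALL the FILES HAVE BEEN LOCKED}",
        "archive.zip 2017": b"\x00",            # tag too short, must not match
    }
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name, data in sample.items():
        with open(os.path.join(docs, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    found = scan_tree(root)
    for path, orig, tag in found:
        print(f"{path}  (was {orig}, tag {tag})")
    print("per extension:", summarize(found))
```

Run against a user profile or file share, the per-extension summary separates a single oddly named file from the broad, sudden spread across document and image types that an encryption run produces.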

Checkpoint researchers warned that Fenrir Ransomware is fully capable of deleting the Shadow Volume Copies made by Windows. After encryption is complete, it generates a ransom notification in a text document named 'ransom.rtf' and also presents a program window. Both display the same message:

ALL the FILES HAVE BEEN LOCKED

HOW TO RESTORE FILES?
Send the amount of 150$ dollars as bitcoin for bitcoin ID. Once the payment has been made, send the transaction ID and personal email ID to my mail account and then I will get you unlocker.
MY BITCOIN ID: 19SVnn5cjTewmgzE5v9gVXn4mzxFQMT5Wo

MY EMAIL: [email protected]
Provide your personal ID

The cyber extortionists behind the Fenrir Ransomware attack ask for a payment of 150 USD in the Bitcoin digital crypto currency. Antivirus products identify this attack under detection names such as:

  • MSIL/Filecoder.Ryzerlo.A
  • Ransom.Cryptear.Gen!c
  • Ransom.HiddenTear!g1
  • Ransom_HiddenTearFENRIR.A
  • Ransomware-FTD!A5ECF27BFAB7
  • Trojan/Win32.SGeneric
  • W32/Fenrir.Ransom.A
  • W32/Trojan.TNDY-0739
  • Win32:Malware-gen

This malicious software, called ransomware, is the most harmful kind of malware. It damages valuable files by encrypting them. If a user refuses to pay the ransom the hackers demand, it deletes all the important files. The malware is believed to have been developed in Russia. The ransomware does the following:

  1. Data Encryption
  2. Screen Affecting
  3. Mobile Device Targeting

Steps to Remove Fenrir Ransomware Virus from System

  1. Press CTRL+SHIFT+ESC together >> go to the Processes tab. Find the dangerous process.
  2. Right-click on it and open the file location.
  3. After opening the folders, end the damaged/infected processes. Delete the folders containing those files.
  4. Hold the Start key and press R, then copy and paste the following: notepad %windir%\System32\drivers\etc\hosts
    // If the system is hacked, there will be many IPs connected to the system at the bottom
  5. If you find IPs below Localhost, type msconfig and press Enter. A pop-up window opens.
  6. Go to Startup and uncheck the unknown entries.

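Step 4 and step 5 above amount to reading the hosts file and looking for anything beyond the stock localhost lines. The parser below is an added example, not part of the article, that does the same check on hosts-file text; the sample file contents are constructed, and the addresses in it are documentation ranges. It goes slightly beyond the article's check by also flagging the reverse case, a non-local name pinned to loopback or 0.0.0.0, which is a common way for malware to block security update sites:

```python
import ipaddress
from typing import Dict, List

# Names that legitimately map to the loopback address in a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

# Constructed sample of %windir%\System32\drivers\etc\hosts (not a real victim file).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
203.0.113.10    update.example-vendor.com
127.0.0.1       www.antivirus.example.com  antivirus.example.com
"""


def parse_hosts(text: str) -> List[Dict]:
    """Parse hosts-file text into entries of line number, IP address and mapped names."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line, not a mapping
        entries.append({"line": lineno, "ip": addr,
                        "names": [n.lower() for n in fields[1:]]})
    return entries


def suspicious_entries(text: str) -> List[Dict]:
    """Flag mappings a clean Windows hosts file does not contain.

    'redirect': a name pinned to a non-loopback address (the IPs "below Localhost"
                the removal steps tell you to look for).
    'sinkhole': a non-local name pinned to loopback or 0.0.0.0, so it can never resolve.
    """
    findings = []
    for entry in parse_hosts(text):
        local_addr = entry["ip"].is_loopback or entry["ip"].is_unspecified
        foreign = [n for n in entry["names"] if n not in LOCAL_NAMES]
        if not local_addr:
            findings.append({**entry, "kind": "redirect"})
        elif foreign:
            findings.append({**entry, "kind": "sinkhole", "names": foreign})
    return findings


if __name__ == "__main__":
    for f in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['kind']:8} {f['ip']} -> {', '.join(f['names'])}")
```

To check a live machine, read the real file from the path in step 4 and pass its contents to suspicious_entries; an empty result means the hosts file contains nothing beyond the stock localhost lines.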
Ransomware attaches a fake manufacturer name to its process. Compare against the legitimate process to remove Fenrir Ransomware easily.

For Fenrir Ransomware removal, type Regedit in the Windows search field and press Enter. Once inside, press CTRL+F. Type the name of the virus, search the registry for the ransomware and delete all its entries. Then type each of the following in the Windows search field:

  • %AppData%
  • %LocalAppData%
  • %ProgramData%
  • %WinDir%
  • %Temp%

Delete all the entries in the Temp folder. With this you can remove Fenrir Ransomware from your system.

The Final Note

The question that comes to users' minds is: is it possible to remove the Fenrir Ransomware virus? Is there any way to restore the affected data?

From what has been said about this ransomware infection, it is well known that no action can guarantee the complete restoration of encrypted files. So users should keep the antivirus installed on their systems updated. Regular scanning of files and the system can protect users from infection. There are numerous antivirus programs available across the globe; users can download any one of them and get rid of the threat. Any third-party antivirus can identify the ransomware and thus remove Fenrir Ransomware completely.


By Chirag Arora

Chirag Arora is a seasoned professional who wears multiple hats in the digital realm. As a Digital Marketing Manager, he orchestrates successful online campaigns, optimizing brand visibility and engagement. Additionally, Chirag brings meticulous attention to detail to his role as a Content Proofreader, ensuring that every piece of content shines with accuracy and clarity.