FriedEx is a ransomware threat that has received a lot of media attention in the last few years. It was released by the creators of the notorious Dridex banking Trojan, which has been wreaking havoc in the banking world since 2014. It is this association with Dridex that has had many cybersecurity researchers worried about the capabilities of the FriedEx ransomware, given that the Dridex banking Trojan is one of the most versatile pieces of spyware in existence.
Researchers also believe that the FriedEx ransomware is a variant of the BitPaymer ransomware, as the two share significant chunks of code. BitPaymer was released in 2017, and FriedEx followed a year later.
The main method of distribution of the FriedEx malware is spear phishing campaigns. Unsuspecting victims are lured into opening emails and other messages that carry the malware, which then infects the computer. The other way the malware infiltrates computers is through unsecured Remote Desktop Protocol (RDP) access.
Unlike other ransomware strains that demand a ransom payment of several hundred dollars, the FriedEx ransomware demands a ransom payment of up to 50 Bitcoins, which, depending on the exchange rate, is hundreds of thousands of dollars. This is one of the reasons the FriedEx ransomware is such a serious threat: the ransom amount alone is enough to cripple a small enterprise.
What Role Does Dridex Trojan Play in the Spread of FriedEx Ransomware?
The Dridex Trojan plays the role of reconnaissance or information gathering. When it infects a computer, it collects as much information about the host as it possibly can and passes that to hackers, who then determine whether or not the victim is a good candidate for a ransomware attack by the FriedEx ransomware.
This modus operandi matters to the creators of the malware given their unusually high ransom amounts. They are simply not in the business of targeting mom-and-pop shops; instead they focus on big financial institutions and healthcare providers. The most high-profile attack by the ransomware was the attack on some NHS hospitals in Scotland.
What Can the FriedEx Ransomware Do?
Like all ransomware strains, the FriedEx malware targets specific file types and encrypts these with a powerful AES-1024 bit encryption algorithm.
The ransom demand is placed on the infected computer’s desktop. It comes with several warnings: against using third-party decrypting tools, and against delaying too long, since the link provided for contacting the cybercriminals is only valid for 72 hours.
Here is the full text of the FriedEx ransomware note:
‘YOUR COMPANY HAS BEEN SUCCESSFULLY PENETRATED!
DO NOT RESET OR SHUTDOWN – files may be damaged. DO NOT TOUCH this file.
All files are encrypted, we accept only bitcoins to share the decryption software for your network.
Also, we have gathered all your private sensitive data. So if you decide not to pay anytime soon, we would share it with media’s.
It may harm your business reputation and the company’s capitalization fell sharply.
Do not try to do it with 3rd-parties programs, files might be damaged then.
Decrypting of your files is only possible with the special decryption software.
To receive your private key and the decryption software please follow the link (using tor2web service):
If this address is not available, follow these steps:
- Download and install Tor Browser: h[tt]ps://www.torproject[.]org/projects/torbrowser.html.en
- After a successful installation, run the browser and wait for initialization.
- Type in the address bar: h[tt]ps://gmnmrba4s4a3py6z[.]onion/order/***
- Follow the instructions on the site
- This link is valid for 72 hours only. After that period your local data would be lost completely.
- Any questions: firstname.lastname@example.org’
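Because the note is dropped on the desktop as plain text, its wording is a usable detection signal for defenders. The following script is an added example and not part of the original article: it scores text files against indicator phrases taken from the note quoted above (a weighted score, so a single ordinary word such as "bitcoin" does not trigger on a normal document) and reports files that cross a threshold. The sample directory, the file name README.txt and the .onion address in it are constructed placeholders, not FriedEx artefacts.

```python
import re
import tempfile
from pathlib import Path

# Indicator phrases taken from the ransom note quoted above, with weights.
# Generic words get a low weight so a single hit cannot flag a benign file.
INDICATORS = {
    r"SUCCESSFULLY PENETRATED": 3,
    r"\.onion\b": 3,
    r"tor2web": 2,
    r"decryption software": 2,
    r"valid for 72 hours": 2,
    r"DO NOT RESET OR SHUTDOWN": 2,
    r"\bbitcoins?\b": 1,
}
THRESHOLD = 5  # minimum weighted score to report a file as a probable ransom note


def score_text(text):
    """Return (weighted score, list of matched indicator patterns) for one file's text."""
    hits = [pat for pat in INDICATORS if re.search(pat, text, re.IGNORECASE)]
    return sum(INDICATORS[p] for p in hits), hits


def find_ransom_notes(root, max_bytes=64 * 1024):
    """Walk a directory tree and return (path, score, hits) for files at or above THRESHOLD.

    Ransom notes are small text files, so anything larger than max_bytes is skipped;
    unreadable bytes are replaced rather than aborting the scan.
    """
    results = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.stat().st_size > max_bytes:
            continue
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue
        score, hits = score_text(text)
        if score >= THRESHOLD:
            results.append((str(path), score, hits))
    return results


# Constructed sample note, modelled on the quoted text; the .onion address is a placeholder.
SAMPLE_NOTE = """YOUR COMPANY HAS BEEN SUCCESSFULLY PENETRATED!
DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT TOUCH this file.
All files are encrypted, we accept only bitcoins to share the decryption software for your network.
To receive your private key and the decryption software please follow the link (using tor2web service):
- Type in the address bar: http://PLACEHOLDER-ONION-ADDRESS.onion/order/***
- This link is valid for 72 hours only. After that period your local data would be lost completely.
"""

# Constructed benign document that mentions Bitcoin once and must not be flagged.
BENIGN_TEXT = "Quarterly report: revenue grew 4%. Bitcoin exposure remains nil.\n"


def build_sample_dir():
    """Create a temporary tree with one constructed ransom note and one benign file."""
    root = Path(tempfile.mkdtemp(prefix="friedex_demo_"))
    desktop = root / "Desktop"
    desktop.mkdir()
    (desktop / "README.txt").write_text(SAMPLE_NOTE)  # placeholder note file name
    (root / "report.txt").write_text(BENIGN_TEXT)
    return str(root)


if __name__ == "__main__":
    for path, score, hits in find_ransom_notes(build_sample_dir()):
        print(f"{path}: score {score}, matched {hits}")
```

Run it against a user's profile or a file share to triage whether the quoted note is present; the matched-indicator list tells an analyst which phrases fired, which is more useful than a bare yes/no. Treat the result as a triage aid alongside anti-malware scanning, not as a replacement for it.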
How to Remove the FriedEx Ransomware
A lot of people confuse removing the ransomware with recovering the encrypted files. These are two different things, and here is why. The files are usually, if not always, encrypted with an asymmetric encryption algorithm, which means that to decrypt them you need a special key for each file that has been encrypted. This special key is what the cybercriminals promise to deliver once the ransom has been paid.
So if you choose to remove the FriedEx ransomware with anti-malware software, which is the solution we recommend, the removal itself will not recover your files.
For the anti-malware to perform its work effectively, run your Windows device in Safe Mode with Networking.
As part of our recommendations on how to get rid of the FriedEx ransomware, we also advise that you download a PC cleaner that will remove any junk files and downloads and repair the registry entries that were corrupted by the FriedEx ransomware.