Xorist-Frozen Ransomware is a revised version of Xorist Ransomware, which was prevalent in 2016. Security researchers found this newer version in February 2018.
Xorist-Frozen Ransomware is no different from LockMe Ransomware: it encrypts the data and files found on the victim's PC and appends the ‘.firstname.lastname@example.org’ extension to them. For example, ‘blackcat.jpg’ is renamed to ‘email@example.com.’ After the data has been encrypted, Xorist-Frozen Ransomware leaves a ransom note named ‘HOW TO DECRYPT FILES.txt’ on the desktop and on the drives where encryption was performed.
The ransom note reads as:
‘All your important files were FROZEN on this computer.
Encryption was produced using unique KEY generated for this computer.
To decrypted files, you need to obtain private key.
The single copy of the private key, with will allow you to decrypt the files, is locate on a secret server on the internet;
The server will destroy the key within 36 hours after encryption completed.
REMEMBER YOU HAVE ONLY 24 HOURS TO PAY EVERYTHING IS AUTOMATICALLY!
To retrieve the private key, you need to pay 0.5 bitcoins
Bitcoins have to be sent to this address: 3N8FxD8y3AKKPZaUBuypw55YYSswmECPxh
After you’ve sent the payment send us an email to : frozen_service_security@scryptmail[.]com with subject : ERROR-ID-63100888(0.5BTC)
If you are not familiar with bitcoin you can buy it from here :
SITE : www[.]localbitcoin[.]com
After we confirm the payment , we send the private key so you can decrypt your system.’
The authors of the ransomware instruct victims to contact them at the provided email address “firstname.lastname@example.org”. This means that the authors use the Scryptmail.com mail service for communication.
Users generally get this infection when they open an unsolicited email attachment consisting of a macro-enabled document that carries the malware payload. Users must therefore be cautious when opening such attachments or downloading freeware programs from untrusted links.
However, there is no guarantee that the authors will decrypt all the files after receiving the payment. Security researchers therefore advise against paying the ransom to the authors of Xorist-Frozen and recommend quickly removing the threat from the PC. You can also try recovering your data from backups, if any, or with the help of data recovery software.
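To scope an infection using the indicators described above (the note filename and phrases from the note text), a responder can sweep a drive or share as in the following added example, which is not code from the original article or from the researchers it cites. The function name `triage`, its `appended_ext` parameter and the `.example-ext` value are assumptions: the appended extension is supplied by the caller, and the sample tree is constructed.

```python
import os
import tempfile

NOTE_NAME = "how to decrypt files.txt"  # note filename from the article, lowercased
# Phrases copied from the ransom note quoted in the article.
NOTE_MARKERS = (
    "files were FROZEN on this computer",
    "3N8FxD8y3AKKPZaUBuypw55YYSswmECPxh",
    "ERROR-ID-",
)

def triage(root, appended_ext=None):
    """Return (notes, renamed): notes maps each note path to the markers found
    in it; renamed lists files ending in the caller-supplied extension."""
    notes, renamed = {}, []
    ext = appended_ext.lower() if appended_ext else None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                try:
                    with open(path, "r", encoding="utf-8", errors="replace") as fh:
                        text = fh.read(64 * 1024)  # notes are small; cap the read
                except OSError:
                    text = ""  # unreadable note: still report it, with no markers
                notes[path] = [m for m in NOTE_MARKERS if m in text]
            elif ext and name.lower().endswith(ext):
                renamed.append(path)
    return notes, sorted(renamed)

if __name__ == "__main__":
    # Constructed sample tree; ".example-ext" is a placeholder extension.
    with tempfile.TemporaryDirectory() as root:
        desktop = os.path.join(root, "Desktop")
        os.mkdir(desktop)
        with open(os.path.join(desktop, "HOW TO DECRYPT FILES.txt"), "w") as fh:
            fh.write("All your important files were FROZEN on this computer.\n")
        open(os.path.join(desktop, "blackcat.jpg.example-ext"), "w").close()
        notes, renamed = triage(root, ".example-ext")
        for path, hits in notes.items():
            print(f"{len(hits)}/{len(NOTE_MARKERS)} markers  {path}")
        print(f"{len(renamed)} renamed file(s)")
```

A file that matches the note name but contains none of the markers is still reported with an empty list, so it can be reviewed by hand.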