Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Freezing Ransomware

Freezing Ransomware is an infection that, according to our research team, was written in PowerShell. If it manages to slither into an operating system, it decrypts its payload, which is written in .NET and obfuscated with ConfuserEx, and then it can start encrypting your personal files. Unfortunately, this particular infection has the power to encrypt the most valuable files, and if you do not have backup copies that could replace them, you might be in big trouble. At the time of research, a decryptor for the encryption used by this malware did not exist, and unless the victim was an expert at ransomware, it is unlikely that they could have restored their files themselves. Unfortunately, it seems that once files are encrypted, they are lost. Even if you remove Freezing Ransomware right away, your files will remain encrypted. The funny thing is that the attackers behind this malware do not propose a solution either.

Most file-encrypting ransomware infections are built so that attackers can demand money from victims in return for decryption tools or services. Freezing Ransomware does not offer anything. In fact, it does not provide any information at all. After successful execution, no ransom notes are delivered, and so the victims might not understand what has happened. There are only two traces left behind that help identify this infection. First, we have the %ALLUSERSPROFILE%\.FreezedByWizard.LOG file. Second, we have the “.FreezedByWizard” extension that is appended to the corrupted files. Interestingly, the “.Freezing” extension is appended first, and only afterward is it changed to the final extension. If you do not delete Freezing Ransomware right when it slithers in (and if it does that in a stealthy manner, you are unlikely to notice it), the infection can encrypt all personal files in the %APPDATA%, %LOCALAPPDATA%, %TEMP%, and %USERPROFILE% directories. It should avoid .EXE, .DLL, and .ISO files, but they are unlikely to represent personal files anyway.

It is most likely that Freezing Ransomware is in testing stages. It is possible that the creator of this malware will never use it to attack Windows systems actively, but it is also possible that they could be working on an updated version of this threat. If Freezing Ransomware were to be updated, it could demand money in return for a decryptor, and if you ever face this version of the threat, know that most victims of ransomware do not obtain decryptors even if they fulfill the demands. Hopefully, you are reading this report just to gather knowledge, and you still have time to secure your operating system and protect your personal files. Needless to say, while it is impossible to guarantee that malware cannot slither in, there are measures you can take to ensure that your files are safe or that your chances of facing new threats are smaller. When it comes to securing files, we strongly recommend creating backups. If you have copies of your personal files stored someplace safe, you will never have to worry about losing your files, unless, of course, you manage to have the originals and the backups destroyed at the same time. This is why it is best to save backups on external drives or online.

Since Freezing Ransomware appears to be in testing stages still, it is hard to say how exactly this threat would work if it were released as a fully functional threat. Due to this, it is impossible to say what steps you would have to take if you needed to delete Freezing Ransomware from your operating system. The instructions below show a few of the possible locations where the threat’s launcher could exist, and we also include a step that removes the .LOG file created by the infection. Without a doubt, manual removal is not ideal in this case. In fact, we do not recommend deleting dangerous threats manually at all because, in many cases, these threats are more complex than they can appear to be at first, and failure to erase all malicious components could lead to re-infection. What we recommend is installing anti-malware software. First of all, you need the protection that this software can offer you. Second, if there are any threats, it can delete them automatically.

Freezing Ransomware Removal

  1. Tap Win+E keys to access Explorer.
  2. Enter %ALLUSERSPROFILE% into the field at the top.
  3. Delete the file named .FreezedByWizard.LOG.
  4. Check the following directories for malicious files (delete these files if you find them):
    • %USERPROFILE%\Desktop
    • %USERPROFILE%\Downloads
    • %TEMP%
  5. Empty Recycle Bin and then perform a thorough system scan using a legitimate malware scanner.
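
The traces named in this report can also be checked from a PowerShell prompt before anything is deleted. The script below is an added example, not part of the original report or of any vendor tool; it is read-only, and the 14-day window and the list of launcher file types are assumptions, since the report does not say what the launcher looks like.

```powershell
# Added triage example (not from the original report). Read-only: reports, never deletes.
# Indicators are the ones named in the report; values marked "assumed" are not.
$logPath    = Join-Path $env:ALLUSERSPROFILE '.FreezedByWizard.LOG'
$extensions = '.Freezing', '.FreezedByWizard'      # interim and final extensions
$encRoots   = $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:USERPROFILE
$dropDirs   = (Join-Path $env:USERPROFILE 'Desktop'),
              (Join-Path $env:USERPROFILE 'Downloads'),
              $env:TEMP

# 1. Marker log file left in %ALLUSERSPROFILE%
$log = Get-Item -LiteralPath $logPath -Force -ErrorAction SilentlyContinue
if ($log) {
    "Marker log present: $($log.FullName) (created $($log.CreationTime))"
} else {
    "Marker log not found: $logPath"
}

# 2. Files carrying either extension. %USERPROFILE% usually contains the other
#    three roots, so results are de-duplicated by full path.
$hits = foreach ($root in ($encRoots | Where-Object { $_ } | Select-Object -Unique)) {
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension }
}
$hits = @($hits | Sort-Object FullName -Unique)
"Files with a listed extension: $($hits.Count)"
$hits | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name | Format-Table -AutoSize

# 3. Recently written script/executable files in the three directories from step 4,
#    listed for manual review only.
$since       = (Get-Date).AddDays(-14)                          # assumed review window
$launcherExt = '.ps1', '.bat', '.cmd', '.vbs', '.js', '.exe'    # assumed file types
foreach ($dir in $dropDirs) {
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $launcherExt -contains $_.Extension -and $_.LastWriteTime -ge $since } |
        Select-Object FullName, Length, LastWriteTime
}
```

A non-zero count in step 2 with no marker log, or the reverse, is still worth investigating, because the report describes a sample that appears to be in testing and later builds may behave differently.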
