FireCrypt Ransomware

FireCrypt Ransomware Overview
FireCrypt ransomware is a new malware threat that is closely related to the Deadly ransomware, which was identified in October 2016. Security analysis has shown that it is a sophisticated platform for developing customized ransomware strains. Its creator is known under the alias BleedGreen. The default behavior of the ransomware is to kill the running Task Manager process and activate the encryption module. All affected files receive the .firecrypt extension. In addition, the ransomware has a built-in DDoS feature, which uses the victims' computers to initiate direct attack campaigns against predefined targets. The advanced options allow the hackers to create their own viruses that can include any of the following features:
 * Startup Entry Creation
 * Taskmgr process kill switch
 * AES-256 encryption module addition
 * Built-in DDoS feature
 * Disk Space Utilization
 * Customized Icon

FireCrypt Ransomware Affected File Types
The AES-256 cipher is used to target a predefined list of 20 file types: .txt, .jpg, .png, .doc, .docx, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .htm, .csx, .psd, .aep, .mp3, .pdf, .torrent
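
For incident triage, the extension and the file-type list above are enough to inventory what was hit and what is still exposed. The following is an added example, not code from the malware or from the original page; the function names are illustrative, and it assumes the .firecrypt marker is appended after the original extension (files where the original extension is gone are reported as "?").

```python
import os
from collections import Counter

# The 20 targeted types listed on this page.
TARGETED = frozenset(
    ".txt .jpg .png .doc .docx .csv .sql .mdb .sln .php .asp .aspx "
    ".html .htm .csx .psd .aep .mp3 .pdf .torrent".split()
)
MARKER = ".firecrypt"  # extension given to affected files, per this page


def classify(filename):
    """Return (state, original_extension) for one file name.

    state is 'encrypted', 'at_risk' (targeted type, not yet encrypted)
    or 'other'. Assumption: the marker is appended after the original
    extension (report.docx.firecrypt); if the original extension is
    gone, it is reported as '?'.
    """
    lower = filename.lower()
    if lower.endswith(MARKER) and len(lower) > len(MARKER):
        inner_ext = os.path.splitext(lower[: -len(MARKER)])[1]
        return "encrypted", inner_ext or "?"
    ext = os.path.splitext(lower)[1]
    return ("at_risk", ext) if ext in TARGETED else ("other", ext)


def triage(root):
    """Walk root and summarise encrypted and still-exposed files."""
    report = {"encrypted": [], "at_risk": [], "by_type": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            state, ext = classify(name)
            if state == "other":
                continue
            report[state].append(os.path.join(dirpath, name))
            if state == "encrypted":
                report["by_type"][ext] += 1
    return report


if __name__ == "__main__":
    import sys
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"encrypted: {len(result['encrypted'])}, "
          f"still exposed: {len(result['at_risk'])}")
    for ext, count in result["by_type"].most_common():
        print(f"  {ext}: {count}")
```

The encrypted total can be compared with the file count shown in the ransom note, and the still-exposed list shows which files to back up or isolate first.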

FireCrypt Ransomware Note
A ransomware note is crafted and placed on the user's desktop. One of the samples contains this message:

Key Will Be Destroyed On: 1/7/2017
Your Files Are Encrypted: 1758 files encrypted securely.
USER ID: User-io5zHC•zvL – Encryption Used: AES-256
Your files have been safely encrypted on this PC: photos, videos, documents, etc. Click “Encrypted Files” link to view a complete list of encrypted files. and you can personally verify this.
Encryption was produced using a unique public key AES-256 generated for this computer. To decrypt files you need to obtain the private key.
The only copy of the private key, which will allow you to decrypt your files. is located on a secret server on the Internet: the server will eliminate the key after a time period specified in this window.
Once this has been done. nobody will ever be able to restore files…
In order to decrypt the files you will need to send $500 USD in form of BTC to the following bitcoin address: 1H91foPIcEGFqurFdq5zek4frCshzPZbq9V (How to buy Bitcoins?)
After payment contact gravityz3r0@sigaint.org with your transaction details and “USER 11)”. Once the payment is confirmed you will recieve decryption key along with decryption software.
Any attempt to remove or corrupt this software will result in immediate elimination of the private key by the server. Beware.
Encrypted Files

FireCrypt Ransomware Distribution
The FireCrypt ransomware is an executable file that poses as a legitimate document or other important file, such as a PDF or DOC file. It is classified as polymorphic malware that uses advanced stealth techniques.

FireCrypt Ransomware Removal
In-depth removal instructions and detailed technical information about the virus can be found on Best Security Search.