FireCrypt targets Windows OS and is distributed as a ransomware kit. It is built using a command-line application called BleedGreen that permits the creation and modification of settings, as well as the creation of executables that can be disguised as other file types. It can also alter FireCrypt’s binary and change the file hash in order to evade detection by antivirus software. Once a system is infected, FireCrypt kills the Task Manager and then targets and encrypts 20 types of files using AES-256, appending .firecrypt to the file names. It then drops a ransom note and, using its built-in distributed denial-of-service (DDoS) feature, it continuously connects to a hardcoded URL and downloads its contents into the infected system’s %Temp% folder in an ineffective attempt at taking the target URL offline. The ransom payment demand is $500 worth of Bitcoin.
- Bleeping Computer provides more information about FireCrypt here.
- The NJCCIC is not currently aware of any free decryption tools available for FireCrypt.