What is FIXED Ransomware?
FIXED is the name of a new strain of ransomware, discovered only recently in the wild. The ransomware doesn't seem to belong to any particular family of ransomware variants.
The ransomware encrypts most commonly used file types, making the files unusable. Once files are encrypted, they receive the ".FIXED" extension, appended after the original one.
This means that a file formerly called "document.docx" will transform into "document.docx.FIXED" once it has been fully encrypted.
Once the encryption process completes, the FIXED ransomware also drops its ransom note, contained in a file named "Info.hta". The .hta file is an executable that contains hypertext in it.
The full text of the ransom note goes as follows:
Don't worry, you can return all your files! All your files like documents, photos, databases and other important are encrypted What guarantees do we give to you? You can send 3 of your encrypted files and we decrypt it for free. You must follow these steps To decrypt your files : 1) Write on our e-mail :test at test dot com ( In case of no answer in 24 hours check your spam folder or write us to this e-mail: test2 at test dot com) 2) Obtain Bitcoin (You have to pay for decryption in Bitcoins. After payment we will send you the tool that will decrypt all your files.)
There is no specific amount mentioned in the ransom note and no known decryption tool for the FIXED at the moment.