Freefoam ransomware / virus (Tutorial) - Free Guide
Freefoam virus Removal Guide
What is Freefoam ransomware virus?
FreeFoam ransomware targets Russian-speaking PC users
FreeFoam ransomware is computer malware that encrypts victim’s files using RSA encryption algorithm. The ransomware targets Russian-speaking computer users because the ransom note it leaves on the system (MESSAGE.txt) contains a message from criminals written in Russian. During the data encryption, the virus adds .freefoam extension after the original one to every file.
The Message.txt file holds a message that recommends writing to the cyber criminals as soon as possible via firstname.lastname@example.org. The message contains victim’s ID, which has to be included in the email to the cyber criminals; otherwise, it will be ignored. The fraudsters also suggest that third-party decryption tools won’t do any good to victim’s files and may even ruin them permanently.
FreeFoam virus also sets a deadline until the victim has to pay the ransom. If the victim fails to contact cyber criminals and buy the decryption tool from them, the victim’s decryption key will be deleted from frauds’ server.
Unfortunately, at the moment there aren’t many reports from victims, and currently, it is unknown whether the criminals even provide the decryption software for those who decide to pay. We do not recommend paying the ransom because it simply helps the crooks to organize more illegal projects.
Instead of paying the ransom, use anti-malware software to remove FreeFoam ransomware. We suggest using RestoroIntego, although you can use another trustworthy anti-malware software.
To restore .freefoam extension files, you need to have a data backup. Sadly, there aren’t many data recovery options available – the ransomware corrupts files in a highly sophisticated way. We have provided some alternative options below the FreeFoam removal guide. You can find these tutorials below the description of the virus.
Freefoam ransomware targets Russian-speaking individuals who use unprotected computers. After encrypting all files on the system, the virus drops Message.txt (the ransom note)
Distribution of the malware
The ransomware variant we described today is known to be delivered via email spam and illegal software packs. Currently, it is unknown whether it employs other distribution techniques (Trojans or exploit kits).
If you want to avoid installing ransomware like Freefoam, you need to apply several layers of protection. First of all, create a data backup. Second, install anti-malware software. Finally, stay cautious when browsing the world wide web.
Stay away from untrustworthy websites and illegal content. Remember that gambling or adult-oriented sites are known to be excellent sources of malware, so avoid clicking pop-ups and banners that appear on them.
Remove Freefoam ransomware and try to recover your files
We hope that you found this ransomware description informative. Now, it is time to remove FreeFoam virus from your computer so that you could start using it on a daily basis again. The first thing you want to do is reboot your PC into Safe Mode with Networking.
Once you restart your computer in this mode, you can start FreeFoam removal. However, we must warn you that in order to complete this task, you need to have anti-malware software installed on your computer. In case you have never installed one on your computer, try one of the tools we suggest using. You can find a list of them down below.
Speaking of data recovery, we must say that you shouldn’t put your hopes up high. The ransomware is a very powerful virus, and sadly even the most experienced malware analysts cannot crack their codes. Besides, ransomware uses encryption algorithms that are typically used to protect military-grade secrets, so there’s no hope to restore these files if you do not have a data backup.
Getting rid of Freefoam virus. Follow these steps
Manual removal using Safe Mode
There is only one safe way to remove Freefoam ransomware virus. You need to prepare your PC by restarting it in a Safe Mode with Networking first. Once this task is complete, you can finally let your anti-malware program do its job.
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.
Step 1. Access Safe Mode with Networking
Manual malware removal should be best performed in the Safe Mode environment.
Windows 7 / Vista / XP
- Click Start > Shutdown > Restart > OK.
- When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click on Start button and select Settings.
- Scroll down to pick Update & Security.
- On the left side of the window, pick Recovery.
- Now scroll down to find Advanced Startup section.
- Click Restart now.
- Select Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Press Restart.
- Now press 5 or click 5) Enable Safe Mode with Networking.
Step 2. Shut down suspicious processes
Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Click on More details.
- Scroll down to Background processes section, and look for anything suspicious.
- Right-click and select Open file location.
- Go back to the process, right-click and pick End Task.
- Delete the contents of the malicious folder.
Step 3. Check program Startup
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Go to Startup tab.
- Right-click on the suspicious program and pick Disable.
Step 4. Delete virus files
Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:
- Type in Disk Cleanup in Windows search and press Enter.
- Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
- Scroll through the Files to delete list and select the following:
Temporary Internet Files
- Pick Clean up system files.
- You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):
After you are finished, reboot the PC in normal mode.
Remove Freefoam using System Restore
Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
- Click Start → Shutdown → Restart → OK.
- When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
- Select Command Prompt from the list
Windows 10 / Windows 8
- Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
- Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
- Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
Step 2: Restore your system files and settings
- Once the Command Prompt window shows up, enter cd restore and click Enter.
- Now type rstrui.exe and press Enter again..
- When a new window shows up, click Next and select your restore point that is prior the infiltration of Freefoam. After doing that, click Next.
- Now click Yes to start system restore.
Bonus: Recover your dataGuide which is presented above is supposed to help you remove Freefoam from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.
Now that it is time to recover those .Freefoam files, you need to find that data backup you created a while ago. If you already found it, remove the virus and plug the data storage device into your PC and import healthy files into it.
If you are afraid that the computer contains some ransomware remains, you can create an extra data copy using an untouched and secure computer. In case you haven't thought about consequences of ransomware attack earlier and you do not have a data backup, try these data recovery methods.
If your files are encrypted by Freefoam, you can use several methods to restore them:
Install Data Recovery Pro
Data Recovery Pro is an excellent tool that helps to recover files corrupted in certain ways. It helps to restore deleted or damaged files, however, it might fail to successfully restore .freefoam extension files. Test the program to find out whether it can recover them for you or not.
- Download Data Recovery Pro;
- Follow the steps of Data Recovery Setup and install the program on your computer;
- Launch it and scan your computer for files encrypted by Freefoam ransomware;
- Restore them.
You can use ShadowExplorer to search your system for Volume Shadow Copies. Sometimes, viruses fail to delete them, which leaves the victim a chance to restore corrupted files. ShadowExplorer helps to gather these copies and restore the encrypted data.
- Download Shadow Explorer (http://shadowexplorer.com/);
- Follow a Shadow Explorer Setup Wizard and install this application on your computer;
- Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
- Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.
Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Freefoam and other ransomwares, use a reputable anti-spyware, such as RestoroIntego, SpyHunter 5Combo Cleaner or Malwarebytes
How to prevent from getting ransomware
Do not let government spy on you
The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet.
You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.
Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.
Backup files for the later use, in case of the malware attack
Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.
When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.
- ^ RSA (cryptosystem). Wikipedia. The Free Encyclopedia.
- ^ Bedynet. Bedynet. Malware Removal Tutorials in Russian.
- ^ Linas Kiguolis. The best anti-malware software of 2017. 2-Spyware. Fighting against Spyware, Malware.