Freezing is distributed through hacking through an insecure RDP configuration, using email spam and malicious attachments, deceptive downloads, botnets, exploits, web injects, fake updates, repackaged and infected installers.
Freezing will perform a scan, which will determine the locations of the files that will be decrypted later. Then, Freezing will trigger the encryption process. While the files are being locked, Freezing will add a ‘.Freezing’ extension to them. When the encryption process is completed, the extension applied will be altered to ‘.FreezedByWizard.’
Changing the extension like this is certainly not a widely spread practice among ransomware authors. Then, Freezing will proceed to drop a ransom note named ‘.FreezedByMagic.README.txt.’ In the note, the attackers tell the victim not to panic and that they can recover all the locked data by receiving them a ransom fee. However, the victim has only seven days to complete the payment or the authors of Freezing threaten to delete their decryption key. The attackers, however, fail to mention what the exact ransom fee is. They have given out an email address where the victim is meant to contact them and get more details on the matter – ‘email@example.com.’