IceFire is a harmful malware infection that emerged in the first half of March 2022 that encrypts victims’ files and renders them inaccessible. Those infected are compelled to pay the ransom, usually paid in Bitcoin or Monero, requested by the group in exchange for their data. If paid, the victim is given a decryption key that can be used to restore their files. IceFire uses the AES+RSA encryption algorithm, generating a unique decryption key that the group keeps on a remote private server. Even with the payment, the group gives no guarantee that the key will be delivered or that the stolen data will not be used elsewhere. The group has concentrated its attacks on English-speaking users, where numerous attacks have been reported around the world.