
Fucku Ransomware

Posted: November 24, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 5
First Seen: January 28, 2022
Last Seen: January 29, 2022
OS(es) Affected: Windows

The Fucku Ransomware is a Trojan that uses encryption to prevent you from opening your media, such as pictures, archives, videos or documents. The file-locking attack has no symptoms while it's ongoing, although, afterward, malware experts can confirm some visible system changes, such as new extensions added to your files and the presence of text-based ransom instructions. Always eliminate the Fucku Ransomware with anti-malware products to minimize any data loss, and back up any media to keep non-consensual encryption from becoming a bargaining point for threat actors.

Trojans Telling You What They Feel

Another file-locking Trojan and possible variant of the SamSam Ransomware (AKA 'Samas') is entering the active distribution stage of its campaign, which uses a standard encryption-and-ransom strategy against its victims. Like the SamSam Ransomware, the Fucku Ransomware also supports transactions for both English and Russian speakers, giving some hints as to which regions are possible targets. However, malware experts have yet to identify the additional threats that the Trojan's author is using to install this Trojan.

Once the victim installs it, the Fucku Ransomware launches a background process that searches the system's directories for different formats of media, such as JPG pictures, Excel spreadsheets, and Word or Adobe PDF documents. Besides the strictly cosmetic change of appending the '.fucku' extension to the names of these files, the Fucku Ransomware also encrypts them. This cipher-based encoding process converts the files to unintelligible data that word processors and other programs can't read. The encryption routine may also inject some additional data that's specific to this Trojan, such as an ID number or a 'marker.'
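The two visible changes described above, the appended '.fucku' extension and the unreadable contents, are enough to scope which files need restoring from backup. The Python script below is an added example, not code from the original article; the entropy threshold, the sample size and the sample files it builds are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER_EXT = ".fucku"      # extension the article reports being appended
ENTROPY_THRESHOLD = 7.5    # assumption: bits/byte at or above this look like ciphertext
SAMPLE_BYTES = 64 * 1024   # assumption: the first 64 KiB is representative of the file

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def triage(root):
    """Walk root and report every file whose name ends in MARKER_EXT."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() != MARKER_EXT:
            continue
        try:
            with path.open("rb") as fh:
                entropy = shannon_entropy(fh.read(SAMPLE_BYTES))
        except OSError:
            entropy = None  # locked or unreadable: still list it for follow-up
        findings.append({
            "path": str(path),
            "original_ext": Path(path.stem).suffix.lower(),  # ".jpg" from "a.jpg.fucku"
            "entropy": entropy,
            "looks_encrypted": entropy is not None and entropy >= ENTROPY_THRESHOLD,
        })
    return findings

def demo():
    """Triage a constructed sample tree (harmless files written to a temp dir)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "report.docx.fucku").write_bytes(os.urandom(4096))          # ciphertext-like
        (root / "notes.txt.fucku").write_bytes(b"plain text only\n" * 256)  # renamed only
        (root / "budget.xlsx").write_bytes(b"untouched")                    # not affected
        return [(Path(f["path"]).name, f["original_ext"], f["looks_encrypted"])
                for f in triage(root)]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Grouping the findings by `original_ext` shows which media types were hit, and a file that carries the extension but has low entropy is worth a second look before it is written off as lost.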

The ransoming message that the Fucku Ransomware creates afterward, a TXT-formatted note, bears strong similarities to those of the old SamSam Ransomware. Although the Fucku Ransomware's texts provide both English and Russian language support, both versions include grammatical errors, and malware experts are hesitant to draw any conclusions about the ethnicity of the campaign's threat actors. This note asks for five hundred USD to restore your files, although the author was careful to insist on Bitcoins for the transaction, which eliminates any refund protection for the victim.

Erasing an Obscene File Extension

Whether it's a variant of the professionally-managed SamSam Ransomware or not, the Fucku Ransomware offers similar risks to any users that it attacks: blocking files with a potentially unbreakable cipher and demanding an expensive fee for undoing the attack. Although users may seek out help from established cybersecurity researchers for determining whether or not decryption is possible without paying, many file-locking threats use secure cryptography. Backing up your work is an essential element of protecting it from all Trojans of this category, with the caveat that malware experts recommend storing at least one backup on a device that isn't readily accessible over a local network.

Cybercrooks usually prefer circulating Trojans with file-locking payloads through e-mail spam and its attached content, such as fake or compromised text documents. To a lesser degree, these threats can also be installed with the assistance of exploit kits running on corrupted websites, or through brute-force attacks that compromise a network's login. Default anti-malware services should eliminate the Fucku Ransomware immediately, and strict password protocols can combat brute-force hacking tools.

The Fucku Ransomware may design its messages to arrive at specific regions of the world, but living in a different country doesn't protect your PC from harmful data encryption. The cost of ignoring your basic security practices, especially while online, may be hidden, but as the Fucku Ransomware shows, it's never free.
