
FCrypt Ransomware

Posted: February 12, 2019

The FCrypt Ransomware is a file-locker Trojan that encrypts the user's work and recreational media and delivers ransoming demands in an accompanying text file. The current releases offer a free decryption solution, and vulnerabilities in the Trojan also make decryption with the help of third-party PC security experts likely. Users may also recover their work from backups after removing the FCrypt Ransomware with their chosen anti-malware program.

A Studio Producing Trojans

GitHub, the free code-hosting service, is once again a resource for threat actors experimenting with threatening software. The FCrypt Ransomware, whose code is a derivative of projects from FIFCOM, a Chinese 'technology studio' with various GitHub projects, may be the beginning of a new set of attacks that block files for money. While its capabilities are similar to those of a Hidden Tear or a Globe Ransomware variant, malware experts find no associated ransoming transactions, and it may be unready for a public debut.

The entirety of the FCrypt Ransomware's code is just under seventy lines, and the small program lacks traditional features such as deleting the Shadow Volume Copies. After loading, it searches the C drive for DOC documents, RAR archives, JPG pictures, and a handful of other media formats and encrypts them with a traditional AES algorithm. Unlike most similar file-locker Trojans, malware experts note, this one derives its AES key from an MD5 hash, which is significantly less secure than an RSA-based alternative.

The '.FCrypt!Sample' extension it adds to the names of these locked files suggests that the FCrypt Ransomware is in an in-development stage rather than ready for release into the wild. Another detail that supports this theory is the FCrypt Ransomware's Notepad ransom note, which provides most of the information of a standard extortion demand but, supposedly, requires no money for the decryptor. Whether or not this is true, the message still contains erroneous information about the encryption cipher's security.
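As an added triage example (not code from this page or from FIFCOM's projects), the Python script below walks a directory for files carrying the '.FCrypt!Sample' marker described above and checks whether each file body looks AES-encrypted by measuring its byte entropy, so a responder can separate genuinely locked files from ones that were merely renamed. The constructed sample tree, the 7.0-bit threshold and the 4 KiB read window are assumptions.

```python
import math
import os
import tempfile
from collections import Counter

MARKER = ".FCrypt!Sample"  # extension the Trojan appends, as reported above


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: AES output sits near 8.0, plain documents far lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(root: str, min_entropy: float = 7.0) -> dict:
    """Walk `root` and classify every marked file by original extension
    and by whether its first 4 KiB are high-entropy (assumed thresholds)."""
    report = {"locked": [], "low_entropy": [], "by_type": Counter()}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.endswith(MARKER):
                continue
            original = name[: -len(MARKER)]
            ext = os.path.splitext(original)[1].lower()
            with open(os.path.join(dirpath, name), "rb") as fh:
                head = fh.read(4096)
            report["by_type"][ext] += 1
            if shannon_entropy(head) >= min_entropy:
                report["locked"].append(original)
            else:
                # marker present but body is not ciphertext: renamed or truncated
                report["low_entropy"].append(original)
    return report


def build_sample_tree() -> str:
    """Constructed sample data, not captured from a real infection."""
    root = tempfile.mkdtemp(prefix="fcrypt_triage_")
    os.makedirs(os.path.join(root, "docs"))
    with open(os.path.join(root, "docs", "report.doc" + MARKER), "wb") as fh:
        fh.write(os.urandom(4096))  # stands in for AES ciphertext
    with open(os.path.join(root, "photo.jpg" + MARKER), "wb") as fh:
        fh.write(os.urandom(4096))
    with open(os.path.join(root, "notes.txt" + MARKER), "wb") as fh:
        fh.write(b"plain text that was only renamed\n" * 100)
    with open(os.path.join(root, "untouched.rar"), "wb") as fh:
        fh.write(b"Rar!\x1a\x07\x00" + b"\x00" * 100)  # no marker, ignored
    return root


if __name__ == "__main__":
    print(triage(build_sample_tree()))
```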

Shutting Down a Lying Trojan's Operation

How thoroughly its threat actor plans on monetizing the FCrypt Ransomware remains to be seen, but most file-locking Trojans ask for between several hundred and several thousand USD through Bitcoins or vouchers. However, the FCrypt Ransomware demonstrates aptly why nearly none of its competition uses MD5-based 'security': this program's 'locked' files are readily decryptable by cyber-security experts with even a minimum of cryptography experience. Most file-locking Trojans have no such weakness, which is why malware experts encourage scheduling backups.

The distribution methods for the FCrypt Ransomware remain unknown. Users can help protect their PCs by avoiding weak login credentials, disabling RDP, closing ports that aren't in active use, and scanning downloads from possibly unsafe sources like torrents or e-mail before opening them. A strong anti-malware program should remove the FCrypt Ransomware with no trouble unless the threat actor makes further enhancements to the Trojan's code.

The FCrypt Ransomware is a paper-thin attempt at locking files for unknowable reasons. Anyone being victimized by it should be grateful to avoid suffering under the payloads of worse threats like the undecryptable members of the Crysis Ransomware's family.
