Fonix Ransomware Description
The Fonix Ransomware is a file-locking Trojan that uses a secure version of the Salsa20 encryption for stopping documents and other media from opening. The Trojan also extorts ransoms through an advanced HTML file and pressures victims with a short deadline with financial penalties for missing it. Users should recover from a backup, if available, and let their preferred anti-malware solution delete the Fonix Ransomware or quarantine samples for analysis.
A Dip that's Too Spicy for Your Computer's Media
The long-established standard of AES algorithms with RSA key-based security is the favored attack of file-locking Trojans globally, starting with freeware like Hidden Tear and ending with the Ransomware-as-a-Service industry. Some exceptions are active and still threatening, such as the AlphaBetaCrypt Ransomware, the GetCrypt Ransomware or the newest, the Fonix Ransomware. All three threats are examples of Trojans leveraging Salsa20 encryption for blocking valuable files.
The Fonix Ransomware (referencing itself as 'FonixCrypter' in its ransom note) is an independent but mostly traditional Trojan of the file-locking sub-class. It searches for media on Windows computers, such as documents, pictures, music, or databases, and locks them with Salsa20 encryption. The encryption routine includes RSA protection for keeping users from recovering their work through free decryptors, as is the case with less-secure Trojans like Hidden Tear.
The Fonix Ransomware also adds e-mail addresses and extensions to the filenames of what it locks and uses a unique ransom note in HTA format. Although the Trojan doesn't specify a cost, it does demand Bitcoin currency and provides a minimal deadline before the price doubles. This method of psychologically pressuring victims is one that malware experts see in similar campaigns. It has the benefit of convincing users to pay before realizing that criminals don't always give unlocked media back to the customer.
Crushing an Illicit Business While it's a Young Upstart
The Fonix Ransomware is noticeably larger than most file-locking Trojans, which tend towards sub-megabyte file sizes. Samples of the Fonix Ransomware hover in the six-megabyte range, which may give victims additional time to notice a threatening download. The file-locking routine, however, has no unusual symptoms, as is par for the course.
Since removing the Fonix Ransomware doesn't remedy any locked files, users should prepare their backups with appropriate updates and security for a comprehensive recovery. Anti-malware tools are also dependable means of removing the Fonix Ransomware and similar Trojans on sight.
The Fonix Ransomware is dipping into a congested environment for trading files for ransoms. Despite the competition, as long as there are unprotected users (and their data), Trojans like the Fonix Ransomware will find a way to make cryptocurrency without working for it – in the conventional sense.