Fonix Ransomware

Posted: June 15, 2020

Fonix Ransomware Description

The Fonix Ransomware is a file-locking Trojan that uses a secure version of Salsa20 encryption to stop documents and other media from opening. The Trojan also extorts ransoms through an advanced HTML file and pressures victims with a short deadline and financial penalties for missing it. Users should recover from a backup, if available, and let their preferred anti-malware solution delete the Fonix Ransomware or quarantine samples for analysis.

A Dip that's Too Spicy for Your Computer's Media

The long-established standard of AES encryption with RSA key-based security is the favored attack of file-locking Trojans globally, from freeware like Hidden Tear to the Ransomware-as-a-Service industry. Some exceptions are active and still threatening, such as the AlphaBetaCrypt Ransomware, the GetCrypt Ransomware or the newest, the Fonix Ransomware. All three threats are examples of Trojans leveraging Salsa20 encryption for blocking valuable files.

The Fonix Ransomware (referencing itself as 'FonixCrypter' in its ransom note) is an independent but mostly traditional Trojan of the file-locking sub-class. It searches Windows computers for media such as documents, pictures, music, or databases and locks them with Salsa20 encryption. The encryption routine includes RSA protection to keep users from recovering their work through free decryptors, which is possible with less-secure Trojans like Hidden Tear.

The Fonix Ransomware also adds e-mail addresses and extensions to the names of the files it locks and uses a unique ransom note in HTA format. Although the Trojan doesn't specify a cost, it does demand Bitcoin currency and provides a minimal deadline before the price doubles. This method of psychologically pressuring victims is one that malware experts see in similar campaigns. It has the benefit of convincing users to pay before they realize that criminals don't always give unlocked media back to the customer.
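
A triage sketch for the indicators described above, as an added example that is not part of the original article: it walks a folder tree and flags file names that embed an e-mail address, plus .hta files that mention 'FonixCrypter'. The exact renaming layout is not given here, so the regular expression, the read limit and the sample file names are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# An e-mail address embedded anywhere in a file name (assumed heuristic; the
# article does not state the exact renaming layout).
EMAIL_IN_NAME = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
NOTE_MARKER = b"fonixcrypter"   # name the ransom note uses for itself, per the article
MAX_NOTE_BYTES = 1024 * 1024    # assumed cap: read at most 1 MiB of any .hta file


def triage(root):
    """Return (renamed_files, ransom_notes) found under root, both sorted."""
    renamed, notes = [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.lower().endswith(".hta"):
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(MAX_NOTE_BYTES)
                except OSError:
                    continue  # unreadable file: skip it and keep scanning
                # Notes may be UTF-16; dropping NUL bytes lets one check cover both.
                if NOTE_MARKER in head.replace(b"\x00", b"").lower():
                    notes.append(path)
            elif EMAIL_IN_NAME.search(name):
                renamed.append(path)
    return sorted(renamed), sorted(notes)


def demo():
    """Build a constructed sample tree, triage it, and return the base names."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # all names and contents below are constructed samples
            "report.docx": b"clean",
            "budget.xlsx.[someone@example.com].LOCKED": b"\x00" * 16,
            "README.hta": "<html>FonixCrypter</html>".encode("utf-16"),
            "help.hta": b"<html>unrelated application</html>",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        renamed, notes = triage(root)
        return ([os.path.basename(p) for p in renamed],
                [os.path.basename(p) for p in notes])


if __name__ == "__main__":
    print(demo())
```

An e-mail address in a file name is only a heuristic and can match legitimate files, so treat hits as candidates for review alongside the ransom-note match.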

Crushing an Illicit Business While it's a Young Upstart

Up-and-coming Trojan businesses like the Fonix Ransomware's campaign rarely make surprising waves in their distribution strategies. Most threat actors will go after the low-hanging fruit of brute-forcing passwords on vulnerable servers, or send crafted e-mail messages to employees to convince them to open a corrupted attachment. Responsible password management, scanning downloads, and turning off features like macros and JavaScript take most of these vulnerabilities out of the equation.

The Fonix Ransomware is noticeably larger than most file-locking Trojans, which tend towards sub-megabyte file sizes. Samples of the Fonix Ransomware hover in the six-megabyte range, which may give victims additional time to notice a threatening download. The file-locking routine, however, has no unusual symptoms, as is par for the course.

Since removing the Fonix Ransomware doesn't remedy any locked files, users should prepare their backups with appropriate updates and security for a comprehensive recovery. Anti-malware tools are also a dependable means of removing the Fonix Ransomware and similar Trojans on sight.

The Fonix Ransomware is dipping into a congested environment for trading files for ransoms. Despite the competition, as long as there are unprotected users (and their data), Trojans like the Fonix Ransomware will find a way to make cryptocurrency without working for it – in the conventional sense.
