
Foop Ransomware

Posted: March 12, 2020

The Foop Ransomware is a file-locking Trojan that's an update to the STOP Ransomware family, also referred to as Djvu Ransomware. Besides preventing users from accessing documents and other media, it may delete backups, block some websites from loading, and demand ransoms in text messages. Users should protect themselves equally with both anti-malware products for removing the Foop Ransomware and backups for restoring any lost files.

The Trojan Rampage that Just can't Stop

Remaining one of the least appropriately named families of Trojans, the STOP Ransomware is a persistent part of the threat landscape that makes money off of endangering files. Since 2018, members like the infamous Djvu Ransomware, the Coot Ransomware, the Werd Ransomware, and the Mbed Ransomware have been playing their parts in sabotaging digital media with cryptography. The Foop Ransomware is one more entry into this already-lavish pile, showing that criminals still bank on the family's capabilities for making money.

The random four-character name is typical of the Foop Ransomware's family and doubles as the extension that the Trojan appends to every file it attacks. The locking itself, however, uses RSA-secured encryption that is unbreakable in most cases. This attack blocks digital media like documents from opening, and third parties have relatively low chances of decrypting it. Along the way, the Trojan also may issue a command that deletes any Shadow Copies, which prevents users from taking advantage of the most self-evident recovery method.

While users may find distractions in the extensions and the Foop Ransomware's dropped ransom note (a text message), malware analysts also warn of other side effects of infections. The Foop Ransomware may modify the Hosts file's mapping of domains and IP addresses, which can block websites like microsoft.com. It also may run a third-party utility for stealing passwords, which attackers could put to various misuses. In most cases, a threat actor will ransom the contents of an entire network rather than limiting themselves to one PC.
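The Hosts-file tampering and the appended extension described above are both cheap to check for during triage. The following script is an added example written for this article, not code from the original page or from any vendor; it flags every non-localhost hostname that a hosts file maps to a sink address (going beyond the microsoft.com case the text names, since a clean hosts file normally carries only localhost entries) and lists files carrying a given extension. The `.foop` extension and the sample hosts text are assumptions constructed for the demonstration.

```python
"""Triage checks for the side effects described above (constructed example)."""
from pathlib import Path

# Addresses that silence a domain rather than resolve it. A hosts file
# mapping real domains here is the blocking behaviour the article describes.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def suspicious_hosts_entries(hosts_text: str) -> list[tuple[str, str]]:
    """Return (address, hostname) pairs that map a non-local name to a sink address."""
    hits = []
    for raw in hosts_text.splitlines():          # handles CRLF and LF alike
        line = raw.split("#", 1)[0].strip()      # drop trailing or full-line comments
        if not line:
            continue
        fields = line.split()                    # hosts files may use tabs or spaces
        addr, names = fields[0], fields[1:]
        if addr not in SINK_ADDRESSES:
            continue
        for name in names:
            if name.lower() not in LOCAL_NAMES:
                hits.append((addr, name))
    return hits


def locked_files(names: list[str], extension: str = ".foop") -> list[str]:
    """Return the file names carrying the Trojan's appended extension (assumed '.foop')."""
    ext = extension.lower()
    return [n for n in names if n.lower().endswith(ext)]


def scan_directory(root: Path, extension: str = ".foop") -> list[str]:
    """Walk a directory tree and return relative paths of files with the extension."""
    return [str(p.relative_to(root)) for p in root.rglob("*")
            if p.is_file() and p.name.lower().endswith(extension.lower())]


# Constructed sample hosts file: two normal entries, two tampered ones.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1\tlocalhost
::1\tlocalhost
0.0.0.0\twww.microsoft.com   # constructed tampered entry
127.0.0.1\tupdates.example-vendor.test
"""

if __name__ == "__main__":
    for addr, host in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts file sinks {host} -> {addr}")
    print(locked_files(["report.docx.foop", "photo.jpg", "notes.txt"]))
```

On a live Windows system, feed `suspicious_hosts_entries` the contents of `%SystemRoot%\System32\drivers\etc\hosts` and point `scan_directory` at user profile folders.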

Making the Foop Ransomware Go Poof

Users noticing infections midway through the process of an attack may respond quickly to salvage their files. They should isolate infected systems from other networked machines and from removable devices. Disconnecting from the internet is additionally helpful because the Foop Ransomware needs to contact its server. When it cannot reach that server, it falls back to a much less secure 'locking' method that third parties have better chances of breaking than its C&C-backed one.

Admins responsible for network and server security can avoid high-risk passwords and maintain diligent control over patches for vulnerable software. Malware researchers also find many versions of the STOP Ransomware family using torrents for circulation, which is preventable by avoiding downloads of illegal content (game cracks, as one example). In some cases, business entities also can be at risk from e-mail-based tactics with threatening attachments or embedded and obfuscated links.

Another week brings another series of attacks against Windows users, and the Foop Ransomware is the unsurprising herald of criminal extortion. The only way of making a Ransomware-as-a-Service truly stop functioning is by rendering it unprofitable, which anyone can do, as long as they back up their media.
