Foo Ransomware

The VoidCrypt Ransomware family continues to be surprisingly popular among cybercriminals, and they are using it to launch their personalized ransomware variants. One of the latest entries to the list of threats based on the VoidCrypt Ransomware is called Foo Ransomware, and, sadly, there is no free decryptor that its victims can use. Users whose files were locked by the Foo Ransomware will only be able to recover them reliably through a backup – if this option is not available, they will need to look for other recovery options and methods that might not always work reliably.

The Foo Ransomware is spread through cracked software or games, fake downloads, torrent trackers and other suspicious content. The best way to keep it away from your system and your files is to use an up-to-date anti-virus software suite at all times. In addition to this, it is recommended to maintain up-to-date, offline backups of your important data.

If the Foo Ransomware attack succeeds, you will end up losing access to many of your files because your files' contents are encrypted. The Foo Ransomware only targets files that it deems to be valuable – you will recognize them by the extension '.[encryptfull@criptext.com][<VICTIM ID>].Foo' added to their names. After the threat is done encrypting and renaming files, it drops the ransom message '!INFO.HTA' on the desktop. The ransom note asks victims to message encryptfull@criptext.com or decryptfull@criptext.com for further details.

It is best to ignore the criminals' offer and to run an anti-virus tool to eliminate the threat. This will prevent it from damaging more files and allow you to proceed to the next step – trying to recover your files. On account of the lack of a free decryptor, the only reliable way to do this is through a backup. If a backup is not available, then you should explore other data recovery tools.