
Foqe Ransomware

Posted: October 13, 2020

The Foqe Ransomware is a file-locking Trojan from the Ransomware-as-a-Service family known as the STOP Ransomware or the Djvu Ransomware. The Foqe Ransomware holds files hostage by encrypting their data and performs associated attacks to extort money from the victim. Users can best protect their files from these attacks by backing them up and by having anti-malware protection that deletes the Foqe Ransomware without delay.

The Irony of a Ransomware-as-a-Service Proceeds Unabated

The STOP Ransomware, one of the earliest and family-defining campaigns of a Ransomware-as-a-Service, has an arguably poorly chosen name that the business's ongoing attacks keep contradicting. RaaSes are widely available to threat actors with little money and, sometimes, little programming enthusiasm, and consequently become known for spawning countless variations over months and years. The Foqe Ransomware, the next spin-off of the STOP Ransomware, is another demonstration of the point.

The Foqe Ransomware targets Windows systems with its ransoming campaign, much like its kin, the Copa Ransomware, the Kuus Ransomware, the Moss Ransomware, the Nppp Ransomware or the Pykw Ransomware. Its principal function is targeting media files, such as documents or images, which it encrypts using AES with an RSA key that is dynamic or, when network connectivity fails, static. After keeping the user's files from opening and flagging them with extensions that identify its campaign, the Trojan generates ransom notes, including a TXT file.

Since the STOP Ransomware or the Djvu Ransomware family follows a generic template, there are no changes between the Foqe Ransomware's instructions and those of its predecessors. It asks for several hundred dollars – up to nearly a thousand, for 'late' payments – in return for unlocking the victim's files. Paying doesn't necessarily get the victim the desired outcome, although free decryption options for the Foqe Ransomware's family tend to be extremely limited.

Because of this common issue, malware researchers endorse appropriate, remote backups as the ideal way of securing any files from attacks like this, since they offer a reasonable and free recovery path.

Forcing a STOP Ransomware Spawn to a Stopping Point

Any Foqe Ransomware infection carries other risks besides the overt blocking of digital media. Users may experience the deletion of the Restore Points, fake Windows update prompts, or website-loading problems (thanks to changes to the Hosts file). Some threat actors will also deploy file-locker Trojans from the Foqe Ransomware family alongside spyware, such as AZORult, a password collector. Usually, this last tactic is for achieving full access to networks and their files.
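The Hosts file changes mentioned above can be checked during cleanup. The following Python sketch is an added example, not code from this article or from any vendor tool: it parses Hosts file text and reports every active entry that is not a default localhost mapping. The function name, the verdict labels and the sample entries are constructed for illustration, and treating loopback or 0.0.0.0 mappings as "blocked" is an assumption about how such changes cause website-loading problems.

```python
import ipaddress

# Names a stock Hosts file may legitimately map to loopback (assumption).
DEFAULT_NAMES = {"localhost", "localhost.localdomain"}

def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for each non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            ip = None
        if ip is None or not names:
            # Not "address hostname [hostname ...]": report for manual review.
            findings.append((line_no, address, " ".join(names), "malformed"))
            continue
        # A name pointed at loopback or 0.0.0.0 cannot be reached by the browser.
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in (n.lower() for n in names):
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue
            findings.append((line_no, address, name,
                             "blocked" if sinkhole else "redirected"))
    return findings

# Constructed sample; the hostnames are placeholders, not observed indicators.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       updates.av-vendor.example   # constructed entry
0.0.0.0         help.security-forum.example www.security-forum.example
203.0.113.7     portal.intranet.example
not-an-ip       broken.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a Windows system the text to audit would be read from `%SystemRoot%\System32\drivers\etc\hosts`; any reported entry that an administrator did not add deliberately is a candidate for removal once the Trojan itself is deleted.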

Along with the usual backup precautions, Windows users can make themselves much safer from attacks by adopting habits that block infection vectors. Password security should be foremost in the mind of any network administrator for blocking automated brute-force attacks. E-mail attachments should be scanned before downloading and have their macros left off, when possible. Illicit download resources are also likely sources of attacks, ranging from copies of popular movies to cracks for well-known multiplayer games.

The Foqe Ransomware's encryption routine is generally secure against most free decryption possibilities. However, proven cyber-security products specializing in threat removal should delete the Foqe Ransomware securely and should do so before its payload reaches its full, file-blocking potential.

Without much effort put into updating its potential, the Foqe Ransomware coasts on its Ransomware-as-a-Service family's previous capabilities. It's fortunate for the Trojan's client that encryption is so easily exploitable, although much less so for anyone on the receiving end of these attacks.
