
FoxRansom Ransomware

Posted: August 10, 2018

The FoxRansom Ransomware is a new, Hungarian version of Hidden Tear, an open-source, file-locking Trojan. While the FoxRansom Ransomware's campaign is in mid-development, its payload includes a working encryption feature for locking your media, and it creates ransom notes in Notepad's TXT format. Free decryption may or may not be possible, so users should always keep secure backups of any irreplaceable data and have their anti-malware programs delete the FoxRansom Ransomware when appropriate.

Turkish Trojans Getting a Little Foxy

Hungary may be the target of a new version of Hidden Tear, the file-locking Trojan whose ease of use and wide availability are leading to its distribution around the rest of the world. This new, Hungarian variant, the FoxRansom Ransomware, is in the middle of testing and limits the files that it attacks to anything residing in a 'teszt' (Hungarian for 'test') folder, but this limitation is easily removable at any time. Meanwhile, malware researchers have yet to determine the size of the ransom, so the price of infection is potentially very high: many file-locking Trojans ask for payments of thousands of dollars in cryptocurrency or vouchers.

The FoxRansom Ransomware and other HT Trojans, like the Boris HT Ransomware, the Horros Ransomware, the Ultimo Ransomware or the Tear Dr0p Ransomware, all apply AES encryption without the user's consent, converting files into versions that no longer open. The FoxRansom Ransomware also includes an optional extension change (adding '.fox' to the end of filenames), which makes the affected files easy for the victim to identify, and it may target any formats or locations in its internal list. Word documents and other text formats, Excel spreadsheets, archives, and various picture types are examples of the media that malware experts rate as being at high risk of encryption.

Typically, a 'finished' version of Hidden Tear like the upcoming FoxRansom Ransomware targets files in traditional Windows profile locations, such as the Downloads or Pictures folders or the desktop. Because a simple, AES-encrypting routine is brief and uses few resources, malware experts warn that victims may not notice the attack until after it's complete. After this attack, the FoxRansom Ransomware drops a Notepad ransoming message that announces its identity and delivers its threat actor's demands for payment for their decryption help.
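The indicators described above (a '.fox' extension appended to documents, spreadsheets, archives and pictures whose contents have been AES-encrypted) can be checked with a short triage script. This is an added example, not part of the original article or any vendor's tool; the list of inner extensions and the 7.0 bits-per-byte entropy threshold are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Assumed inner extensions: the article names only broad categories
# (Word/text documents, Excel spreadsheets, archives, pictures).
AT_RISK = {".doc", ".docx", ".txt", ".xls", ".xlsx", ".zip", ".rar", ".jpg", ".png"}
MARKER = ".fox"            # extension the article says is appended
ENTROPY_THRESHOLD = 7.0    # assumed cut-off, in bits per byte

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; AES ciphertext sits close to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def classify(path: str, sample_size: int = 65536) -> str:
    """Return 'encrypted', 'renamed-only' or 'ignore' for one file."""
    name = os.path.basename(path).lower()
    if not name.endswith(MARKER):
        return "ignore"
    inner_ext = os.path.splitext(name[: -len(MARKER)])[1]
    if inner_ext not in AT_RISK:
        return "ignore"          # e.g. a file that is simply named 'x.fox'
    with open(path, "rb") as fh:
        sample = fh.read(sample_size)
    # Caveat: compressed formats (zip, jpg, docx) are high-entropy even when
    # intact, so this verdict is most reliable for plain-text formats.
    return "encrypted" if shannon_entropy(sample) >= ENTROPY_THRESHOLD else "renamed-only"

def scan(root: str) -> dict:
    """Walk root and group '.fox' files by verdict."""
    hits = {"encrypted": [], "renamed-only": []}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            try:
                verdict = classify(full)
            except OSError:
                continue         # unreadable file: skip, keep scanning
            if verdict in hits:
                hits[verdict].append(full)
    return hits

if __name__ == "__main__":
    import sys
    for verdict, paths in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for p in sorted(paths):
            print(f"{verdict}\t{p}")
```

Run it against a user profile or a restored backup to list which files need recovery; files reported as 'renamed-only' may open again once the '.fox' suffix is removed.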

Running a Wild Fox to Ground

Most of the details of the FoxRansom Ransomware's campaign that would be of use to any victims have yet to be implemented, including what they're expected to pay for unlocking their files and how the Trojan could compromise their PCs in the first place. Recent activity in the file-locking Trojan industry has close connections to e-mail spamming campaigns and brute-force attacks for breaking vulnerable logins, both of which can be defended against by avoiding suspicious attachments, updating your software as appropriate and using secure passwords. Malware experts also are tracking some attacks, albeit at much lower rates, which could install the FoxRansom Ransomware through a Web browser-launched exploit kit or a fake media download, such as a torrent.

Whatever form the FoxRansom Ransomware's ransom takes, users should avoid paying it before testing whether they can restore their files with the free decryption applications that are compatible with the Hidden Tear family. However, since free file unlocking is sometimes not possible, malware experts recommend that all users keep backups of their work on another computer or a storage device. Most anti-malware products should delete the FoxRansom Ransomware automatically since, like other versions of Hidden Tear, it has limited defenses against being identified as a threat.

Hungarian PC owners may have a little more than the average one to fear from the FoxRansom Ransomware's campaign as it starts, but this Trojan is just a regionally-specialized version of a global one. Where you live has nothing to do with how hard you should work to keep your files safe since there's a type of Hidden Tear for nearly every nation that exists.
