FUCKaNDrUN Ransomware
The FUCKaNDrUN Ransomware is a file-locking Trojan and a modified version of Hidden Tear, a previously open-source project. The FUCKaNDrUN Ransomware locks your PC's media files and uses image and text-based ransoming instructions to extort users. Victims can recover with free decryption tools or a backup, but should first remove the FUCKaNDrUN Ransomware with an appropriate anti-malware solution.
A Program that's Upfront about Who It's Screwing
Although Hidden Tear has fallen out of favor with threat actors, who increasingly find plentiful options in the Ransomware-as-a-Service ecosystem, it's still a potential gold mine for Black Hat programmers who don't mind tinkering with its code. This family is an outgrowth of Utku Sen's once-open-source and now-defunct project. It's best known for its numerous variants throughout previous years, including the KratosCrypt Ransomware, the VindowsLocker Ransomware, the Hidden-Peach Ransomware, the Kampret Ransomware, and many more, the latest being the FUCKaNDrUN Ransomware.
Early estimates suggest that the FUCKaNDrUN Ransomware's author is a native Italian speaker, but its payload is English-oriented. The Windows program, as usual for this family, uses AES encryption to lock files automatically. Its targets include Word and PDF documents, pictures like GIFs and JPGs, spreadsheets, music and more. The FUCKaNDrUN Ransomware also adds 'FUCKaNDrUN' extensions to the names of the files it locks. That extension is the basis of the name used here, since the Trojan doesn't identify itself in its ransom note.
The FUCKaNDrUN Ransomware includes a warning image that it may place on the desktop to direct users to its text ransoming instructions. The latter are mostly conventional and include an e-mail address and an ID for the ransom negotiations, along with an upfront 300 USD ransom demand. Malware experts confirm that the wallet link is active but, thankfully, it doesn't display any transactions correlating with victims paying the ransom.
Keeping Trojans from Running Away with Your Work
The FUCKaNDrUN Ransomware's installer doesn't carry any of the typical traits associated with drive-by-download tactics, such as a name describing it as an update or legitimate software. Since there is limited data on how it might circulate, malware experts recommend monitoring all of the most likely infection sources for file-locker Trojans. These sources include Exploit Kits, which use scripts inside the victim's browser, as well as spam e-mails and torrents. Administrators should also make sure they are using updated software and secure passwords.
There are freeware decryptors that can unlock Hidden Tear-blocked files. Users may test these restoration options before moving on to less convenient ones, although malware experts don't recommend paying the ransom. Cryptocurrencies like Bitcoin operate on difficult-to-refund transactional norms, which turn any ransom payment into a risk of losing everything: one's money along with the files.
Since Hidden Tear's family includes no built-in anti-analysis or anti-removal features, nearly all anti-malware programs should delete the FUCKaNDrUN Ransomware effectively, and users should default to them for disinfection.
It's been a minute since the last Hidden Tear variant made waves, but with the FUCKaNDrUN Ransomware, the family is coming back into public sight. Anyone who isn't already protecting their files has more incentive than ever to start doing so.
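To scope what needs restoring from a decryptor or backup, the added extension can serve as an indicator. The following is an added example, not code from the original article: it assumes the marker appears as the final, dot-separated extension of each locked file, and the sample file names are constructed.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = "FUCKaNDrUN"  # extension string named in the article


def find_locked_files(root):
    """Return paths under root whose final extension is the marker.

    Assumption: the marker is appended as the last extension; the match is
    case-insensitive so renamed or re-cased copies are still counted.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            _stem, ext = os.path.splitext(name)
            if ext[1:].lower() == MARKER.lower():
                hits.append(Path(dirpath) / name)
    return sorted(hits)


def summarize(hits):
    """Count affected files by the extension that precedes the marker."""
    counts = Counter()
    for path in hits:
        original = Path(path.stem).suffix.lower() or "(none)"
        counts[original] += 1
    return dict(counts)


def build_sample_tree(root):
    """Constructed sample data: empty files with invented names."""
    names = ["report.docx.FUCKaNDrUN", "photos/cat.jpg.fuckandrun",
             "photos/dog.jpg.FUCKaNDrUN", "notes.txt", "FUCKaNDrUN_notes.pdf"]
    for name in names:
        path = Path(root) / name
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = find_locked_files(tmp)
        for item in found:
            print(item.relative_to(tmp))
        print(summarize(found))
```

Run it against a mounted copy or a backup comparison target rather than the live infected system, and keep the resulting list to verify that a decryptor or restore covered every affected file.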