Home Malware Programs Ransomware '.FUCK File Extension' Ransomware

'.FUCK File Extension' Ransomware

Posted: April 4, 2018

The '.FUCK File Extension' Ransomware is a member of the OXAR Ransomware branch of the Hidden Tear family, which locks your files by encrypting them with the AEThe '.FUCK File Extension' Ransomware attacks also create text messages asking you to pay Bitcoins for restoring the files to usable formats. However, users can employ various, free methods of recovering their data, as well as have anti-malware products remove the '.FUCK File Extension' Ransomware from their PCs safe and automatically.

Trojans Giving Obscenities out Freely

The OXAR Ransomware is a small sub-group of the Hidden Tear family, whose free code is often exploitable by threat actors wanting to 'lock' files in exchange for money. However, the OXAR Ransomware is growing by at least one member thanks to the new the '.FUCK File Extension' Ransomware's joining the old Kappa Ransomware as a variant. The OXAR Ransomware threat actors have made no unusual or secure changes to the cryptography portion of the Trojan's payload, and are using copy-pasted ransoming instructions that change little more than the payment and contact info.

The '.FUCK File Extension' Ransomware uses a non-secure version of the AES encryption while locking different files on the PC. This file-locking feature loads in the background without any visual symptoms, UI or consent prompts. Depending on quantity and size of the files that the '.FUCK File Extension' Ransomware locks, it may complete the attack in just a matter of minutes or even seconds. As a variant of OXAR Ransomware, this Trojan affects file types that include BAT batch files, Web HTML pages, WAV and MP3 audio and JPG pictures. The OXAR Ransomware also injects the '.FUCK' extension into their names (for instance: 'song.mp3.FUCK').

The OXAR Ransomware also creates a ransom note that is a variant of a popularly-circulated one that malware experts also are finding in other, file-locker Trojans' campaigns. The user is given instructions for paying Bitcoins to the '.FUCK File Extension' Ransomware's wallet account before e-mailing the threat actor and asking for the decryption key. All of these demands are traditional elements for the Black Hat, file-locker Trojan industry.

Calming Down from Swearing at Software

Although the '.FUCK File Extension' Ransomware's Bitcoin ransom is collectible without the con artist running any risk of needing to refund it, the Trojan's encryption mechanism is less secure than its extortion procedure significantly. Malware experts are confirming that, like many versions of Hidden Tear, the '.FUCK File Extension' Ransomware is suitable for having its files unlocked by freeware decryption programs. Victims of its attacks should contact appropriate cyber-security organizations for any help on procuring a compatible decryptor, and avoid using potentially incompatible ones that could corrupt their files further.

At this time, malware experts also note that the '.FUCK File Extension' Ransomware is out of its development stage. The con artists may try compromising PCs with this threat by sending e-mail attachments to targeted users, brute-forcing their way into networks, or circulating it on file-sharing sites. However, most anti-malware products are detecting Hidden Tear's variants reliably and should remove the '.FUCK File Extension' Ransomware without requiring more than minimal input from the user.

The '.FUCK File Extension' Ransomware is another Trojan that presents a misleading view of its attacks. Giving a ransoming message any credibility, by default, is an unnecessary way of losing both files and money.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to '.FUCK File Extension' Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.