SoFucked Ransomware
Posted: September 13, 2017
Threat Metric
The fields listed on the Threat Meter that contain a specific value are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 10/10 |
---|---|
Infected PCs: | 7 |
First Seen: | September 13, 2017 |
Last Seen: | April 18, 2018 |
OS(es) Affected: | Windows |
The SoFucked Ransomware is a Trojan that locks your files with AES encryption to force you into paying for their safe return. Extortionist-endorsed decryption solutions aren't always reliable, and malware experts recommend using free alternatives or restoring from your most recent backup instead of paying for a service that may not work. Since the symptoms of this infection may not appear immediately, users should depend on default anti-malware security measures for detecting, quarantining or uninstalling the SoFucked Ransomware.
The Trojan that Tells It Like It Is
Trojans that use encryption to extort money from the PC users they attack can opt for incredibly sophisticated, in-depth tutorials on how to pay. Alternately, their authors may opt for a low-effort implementation that provides only the bare minimum of necessary information, such as an email address. The SoFucked Ransomware falls into the latter group, although its short instructions make its encryption attacks no less capable of damaging media.
Although the SoFucked Ransomware is fully functional, the samples malware experts have identified to date have yet to offer any significant information on how it's spreading. The Trojan may be attached to spam emails, downloaded via Web-based threats like the RIG Exploit Kit or installed manually after con artists brute-force access to a vulnerable server. The SoFucked Ransomware's payload includes, but isn't necessarily limited to, the following features:
- The SoFucked Ransomware uses an AES-based encryption method for locking widely-used formats of data, such as documents. It also appends '.fff' extensions to these files afterward, which lets the victim detect which content is being held hostage without opening them one by one.
- The SoFucked Ransomware also delivers a Notepad file either to the desktop or to the same folders bearing any encrypted media. The threat actor provides no significant instructions other than asking for generic payment and giving an email address (with an unusual choice of provider: 'sofucked@freespeechmail.com') to contact. Most decryption negotiations offer either the decryption key or the decryptor program after taking payment through methods like the Bitcoin cryptocurrency.
- The Trojan also resets the Windows wallpaper to an image that duplicates the text of the previous Notepad message.
Victims also may experience other symptoms from different builds of the SoFucked Ransomware, such as being unable to access the Windows Shadow Copies or problems with launching software like the Task Manager.
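As an added, defender-side example that is not part of the original write-up, the Python script below walks a directory tree and flags the indicators listed above: files carrying the '.fff' extension, a text note naming the contact address, and an executable whose size and MD5 match the sample in the Technical Details section. The directory it builds for a dry run is constructed, not real artefacts.

```python
# Added triage example (not from the original write-up) for the indicators described above.
import hashlib
import tempfile
from pathlib import Path

# Indicators from the write-up: appended extension, contact address in the
# ransom note, and the MD5/size of the sample listed under Technical Details.
FFF_EXT = ".fff"
CONTACT_EMAIL = "sofucked@freespeechmail.com"
KNOWN_MD5 = "5a843982bb525573b3b65c16801cefef"
KNOWN_SIZE = 55296


def md5_of(path: Path) -> str:
    """Stream the file through MD5 so large binaries are not read at once."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root) -> dict:
    """Collect .fff files, notes naming the contact address, and known samples."""
    found = {"encrypted": [], "notes": [], "known_samples": []}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        ext = path.suffix.lower()
        if ext == FFF_EXT:
            found["encrypted"].append(str(path))
        elif ext == ".txt" and CONTACT_EMAIL in path.read_text(errors="ignore"):
            found["notes"].append(str(path))
        elif ext == ".exe" and path.stat().st_size == KNOWN_SIZE:
            if md5_of(path) == KNOWN_MD5:  # hash only size-matched candidates
                found["known_samples"].append(str(path))
    return found


def likely_infected(found: dict) -> bool:
    """A known sample, or a ransom note together with .fff files, counts as a hit."""
    return bool(found["known_samples"]) or bool(found["notes"] and found["encrypted"])


def build_sample_tree() -> str:
    """Constructed sample tree for a dry run; these are not real artefacts."""
    root = tempfile.mkdtemp()
    docs = Path(root, "Documents")
    docs.mkdir()
    (docs / "report.docx.fff").write_bytes(b"\x00" * 32)
    (docs / "budget.xlsx.fff").write_bytes(b"\x00" * 32)
    (docs / "READ_ME.txt").write_text("Pay to get your files. Contact " + CONTACT_EMAIL)
    return root
```

Run `likely_infected(scan_tree(build_sample_tree()))` for the dry run, or point `scan_tree` at a user profile during triage.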
Rescuing Your Files from an 'Effed' Situation
Since its ransoming format provides a minimum of support and its other features are relatively limited, the SoFucked Ransomware may be the product of a threat actor without much experience in file-encrypting threats. Victims are more likely to be recreational PC users who compromise their systems by downloading unsafe content, such as torrents related to illicit gaming programs or entertainment media. However, there is a theoretical possibility of the SoFucked Ransomware being deployed more professionally through such methods as brute-forcing access to a business's server or disguising it inside an email attachment.
Although testing free decryption software for file-unlocking purposes is preferable to paying ransoms to remote attackers, malware experts can't confirm the SoFucked Ransomware's compatibility with such solutions. Always create spare copies of any files before testing them with potentially irreversible procedures like a cipher-specific decryption routine. Although anti-malware products can identify and delete the SoFucked Ransomware as a threat to your computer, without backups, a SoFucked Ransomware infection can cause permanent data loss.
The SoFucked Ransomware's relationship with the rest of the file-locking Trojan industry at large is still a topic of speculation and research. However, what's certain is that even con artists just stepping into this underground business model need to know little to cause considerable damage to unprotected PCs.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
dir\name.exe
File name: name.exe
Size: 55.29 KB (55296 bytes)
MD5: 5a843982bb525573b3b65c16801cefef
Detection count: 15
File type: Executable File
Mime Type: unknown/exe
Path: dir
Group: Malware file
Last Updated: September 16, 2017