'.fake File Extension' Ransomware

The '.fake File Extension' Ransomware is a file-locking Trojan that can encrypt documents, spreadsheets, music, movies and similar media. After the encryption, these files can't open, which gives the attacker leverage for a ransom demand against the victim. Users with backups can quickly recover, and most anti-malware utilities should block, quarantine, or delete the '.fake File Extension' Ransomware.

A Trojan that's not a Faker at Being Threatening

What could be a variant of a slightly older threat, a minor '.lol file extension' Ransomware, is bringing an extra set of encryption attacks down on the heads of unwary Windows users. That older threat's ransom note appears in the '.fake File Extension' Ransomware (unrelated to the Proticc Ransomware or the '.LOL!' Ransomware). Despite its name, the '.fake File Extension' Ransomware is anything but a fake at its job.

The '.fake File Extension' Ransomware uses encryption for locking a handful of predesignated file formats. The vulnerable media includes Word documents, Excel spreadsheets, AVI movies, pictures, music, and even comma-separated values (CSV) files. Like many file-locking Trojans of the day, it also labels each file that it stops opening by giving it an extension (as in 'example-picture.jpg.fake').
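The appended marker described above gives responders a quick way to scope the damage before restoring from backup. The following Python script is an added example, not part of the original article or any vendor tool: it inventories files carrying the `.fake` suffix and groups them by original media type. The per-type extension lists and the function names are assumptions, since the article names the formats only in general terms.

```python
import os
from collections import defaultdict
from pathlib import Path

MARKER = ".fake"  # suffix the article says is appended, e.g. example-picture.jpg.fake
# Assumed extension lists for the media types the article names (not from the page).
CATEGORIES = {
    "word": {".doc", ".docx"},
    "excel": {".xls", ".xlsx"},
    "csv": {".csv"},
    "video": {".avi"},
    "picture": {".jpg", ".jpeg", ".png", ".bmp", ".gif"},
    "music": {".mp3", ".wav", ".flac"},
}

def classify(name):
    """Return (category, original_name) for a renamed file, or None if unmarked."""
    if len(name) <= len(MARKER) or not name.lower().endswith(MARKER):
        return None
    original = name[: -len(MARKER)]
    inner = Path(original).suffix.lower()  # extension the file had before renaming
    for category, exts in CATEGORIES.items():
        if inner in exts:
            return category, original
    return "other", original

def inventory(root):
    """Walk root and group renamed files by original media type."""
    found = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            hit = classify(name)
            if hit:
                found[hit[0]].append((os.path.join(dirpath, name), hit[1]))
    return dict(found)

def restore_list(root):
    """Original relative paths to pull from backup, sorted for a stable report."""
    paths = []
    for entries in inventory(root).values():
        for locked, original in entries:
            rel_dir = os.path.relpath(os.path.dirname(locked), root)
            paths.append(os.path.normpath(os.path.join(rel_dir, original)))
    return sorted(paths)
```

The script only reads directory listings; it neither opens nor modifies the affected files, so it can be run against a mounted copy of the disk.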

The ransom note that the '.fake File Extension' Ransomware recycles from the '.lol file extension' Ransomware is an image; it gives a one-day deadline on paying a Bitcoin ransom through a TOR website. With a value of almost six thousand USD, the extortion is most likely targeting unprotected businesses. Still, Windows users at home also may experience this file sabotage, with no free decryption solution for reversing it.

Working around a Trojan's Tight Deadlines

That the '.fake File Extension' Ransomware shares a ransom note with another threat isn't a definite indication of any relationship. File-locker Trojans misappropriate each other's messages for convenience routinely, although the use of images in this fashion is slightly less common than with simple text. While malware experts are hesitant to conclude prematurely, victims are safer with the assumption that there are few to no chances of reversing the '.fake File Extension' Ransomware's encryption for file recovery.

Since most file-locking Trojans use e-mail for circulation, users should be cautious of downloading attachments or following links in unanticipated e-mail messages. Tactics for circulating threats like the '.fake File Extension' Ransomware can include fake invoices, resumes, or even call center referrals (as per January's BazarCall Malware). Most drive-by-downloads abuse macros, which the victim must enable unless their Office software is excessively out-of-date.

Powerful backup protection is a vital part of defending against any file-locking Trojan's payload. Malware experts recommend that users back up files to other devices and use password protection features where appropriate. Modern Windows security services also should immediately catch and remove the '.fake File Extension' Ransomware.

A day isn't a long time for considering a ransom, and some users might not have the time they need to realize it could be a tactic. Whether '.fake File Extension' Ransomware's threat actor keeps their word or not, feeding the file-locker Trojan industry funds can only fuel more encryption attacks.
