Feg Ransomware
The Feg Ransomware is a threatening tool used by cybercriminals to lock the data on the computers they manage to breach. The threat is equipped with an encryption process that will impact the documents, archives, databases, and possibly many other file types stored on the infected devices. Typically, ransomware attack operations are financially motivated with the goal of the attackers being the extortion of money from the affected users or organizations.
Analysis of the Feg Ransomware has confirmed that the threat is a variant of the Xorist Ransomware. It will encrypt the targeted files and attach '.feg' to their original names as a new extension. It seems that the operators of the Feg Ransomware are targeting Russian-speaking users specifically. The ransom note of the threat is written entirely in Russian and is delivered both as a text file named 'КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt' and in a pop-up window. The text shown in the pop-up window will appear as gibberish if the computer system doesn't have support for Cyrillic letters installed on it.
Translating the ransom-demanding message of the threat reveals that the cybercriminals give their victims a single day to contact them. After that period is over, the decryption key needed for the restoration of the locked files will supposedly be deleted. Only the 'marina99787@mail.ru' email address is provided as a potential way to reach the hackers.
The full text of the note:
'Внимание! Все Ваши файлы зашифрованы!
Для того что бы расшифровать свои файлы напишите нам на почту:
marina99787@mail.ruЖдем ответа сутки ,если не получим ответа сегодня, после удаляем ключи расшифровки.'
