FSociety Ransomware

By GoldSparrow in Ransomware

The FSociety Ransomware is a ransomware Trojan that pays homage to the TV show Mr. Robot. It is a variant of EDA2 whose attack displays the logo of the FSociety, a hacking group featured on Mr. Robot. Fans of the show will recognize the connection immediately when looking at the Desktop image displayed by the FSociety Ransomware.

The FSociety Ransomware is Based on the EDA2 Project

EDA2 is a project released in 2016 that made an open source ransomware Trojan available to the public. Like other variants of EDA2, the FSociety Ransomware uses AES encryption to take the victim's data hostage and then uploads the RSA-encrypted decryption key to its Command and Control servers. The FSociety Ransomware seems to be under development. Although it does encrypt the victim's files, it doesn't display a ransom note, provide a contact email for ransom payments, or include the other features a ransomware Trojan needs. Its attack is also limited to a test folder located on the victim's Desktop. It seems that the FSociety Ransomware was developed less as a way to make a profit than as a way to pay homage to the Mr. Robot TV show and display the FSociety logo on victims' computers. It is possible that the FSociety Ransomware will be further developed and distributed in the future, but at the time of writing, it seems to be limited to a pretty lame prank.

A Ransomware that Takes Its Inspiration from the Mr. Robot TV Show

Real-life con artists are now taking inspiration from the Mr. Robot TV show, which features a hacking group named the FSociety. In the show, the character Elliot is a talented IT security professional who has an alias, Mr. Robot, who is the leader of an infamous hacking group named the FSociety. The show itself is about much more than hacking and has garnered attention as it won a Golden Globe for Best Television Series in the drama category for its first season. At the beginning of season 2, the Mr. Robot TV show dealt with the subject of ransomware. One of the reasons why the show is so popular among the IT community is that it is quite accurate. In fact, the show even received an award at this year's Black Hat security conference for the 'Epic Achievement' of being so accurate in its depiction of information security.

In the episodes dealing with ransomware, the FSociety attacked Ecorp, a large corporation in the show's universe. In the show, the ransomware used was very similar to a known ransomware threat, CryptoWall. In the case of the FSociety Ransomware, it seems that the con artists responsible for this threat, obviously fans of the show, have simply taken EDA2 and included the FSociety logo in its ransom note.

The FSociety Ransomware is Still Under Development

It seems that the developers of the FSociety Ransomware haven't created a functional ransomware variant yet. The FSociety Ransomware uses a simple encryption method to lock a limited number of files on the affected computer and shows nothing more than the logo; it doesn't even display any explanation. In fact, computer users who are unfamiliar with the Mr. Robot TV show are likely to be simply confused, since it seems that the FSociety Ransomware does nothing more than this.

Understanding the EDA2 Fiasco

EDA2 is an open source ransomware-building project that was released in 2015. The FSociety Ransomware has a backdoor on its server-side component that lets PC security analysts take data from compromised Command and Control servers that use EDA2. Unfortunately, the release of EDA2 enabled many fraudster groups to create numerous ransomware components and saturate the market, although with nothing as severe as CryptXXX or Locky. The FSociety Ransomware is one of the many ransomware threats that are created by amateurs and are obviously based on EDA2's code.