Threat Database Ransomware FuckSociety Ransomware

FuckSociety Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 36
First Seen: November 8, 2016
Last Seen: November 4, 2021
OS(es) Affected: Windows

The FuckSociety Ransomware is an encryption Trojan that is derived from the Fs0ci3ty Ransomware. The authors of the Fs0ci3ty Ransomware appear to have worked on new version named FuckSociety Ransomware, which is supposed to bypass AV shields and use an RSA-4096 cipher to lock the files on the victim's computer. The creators of the FuckSociety Ransomware rely on spam emails and social engineering techniques to convince users to run a corrupted executable that will download and install their threats. Web surfers may be suggested that downloading a small application would give them access to premium content on adult-rated sites and unlock shareware like the Microsoft Office.

Spam Emails are the Primary Carrier of the FuckSociety Ransomware

However, users might find that the suspicious file they ran is a strand of the FuckSociety Ransomware, which uses the '.DLL' file extension to mark the encrypted data. For example, 'Chilean_flamingo.jpeg' will be transcoded to 'Chilean_flamingo.jpeg.dll and the Windows Explorer may bring up an alert that the file may be damaged. Analysts note that the FuckSociety Ransomware can encrypt data stored locally on removable media and shared drives. As long as your information is not password-protected and is not governed by a read/write policy, it can be modified by the FuckSociety Trojan. Threats similar to the FuckSociety such as Exotic 3.0 and Kangaroo are designed to encode data containers for images, audio, video, text, presentations, databases and spreadsheets. The ransom note is provided as 'DECRYPT_YOUR_FILES.HTML' on the desktop of the user who is logged in and reads:

'All your files have been encrypted with Fuck Society Ransomware
YOU HAVE 5 DAY TO MAKE PAYMENT OR ALL YOUR FILES HAVE BEEN DELETED!
For each file unique, strong key. Algorithm RSA$)(^ look at
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
- ALL your Attempts to restore files on their own, lead to the loss of the possibility of recovery and we are not going to help you.
Your unique Id for decrypt: [random characters]
FOR DECRYPT YOUR FILES BUY YOUR UNIQUE DECRYPTION CONFIG:
[URL to a site on the Open Internet]
In file you find link to decryptor , and link to decryption config file'

Users are Better off Using Backups Instead of Paying the Ransom

The ransom note in 'DECRYPT_YOUR_FILES.HTML' is accompanied by a custom desktop wallpaper that will be set as your default background when the encryption procedure is complete. The image established by the FuckSociety Ransomware represents the word 'SOCIETY' with a depiction of a hand giving the finger to the user's face. Needless to say, the authors of the FuckSociety Ransomware are cheeky and are not likely to provide a decryptor. Experiences with threats like the BTC Ransomware and the EncryptoJJS Ransomware suggests that users should use backups and archives to rebuild their data structure instead of paying the ransom. Using a reliable anti-malware utility to clean your PC is a must when you are dealing with threats like the FuckSociety Ransomware.

Trending

Most Viewed

Loading...