
Dr. Fucker Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 20
First Seen: November 2, 2016
Last Seen: March 6, 2023
OS(es) Affected: Windows

The Dr. Fucker Ransomware is a new version of the Samas or SamSam Ransomware, a known encryption ransomware Trojan. The Dr. Fucker Ransomware is slightly more effective in avoiding security software and in infiltrating networks. The Dr. Fucker Ransomware also features superficial changes such as a reworked naming scheme. Like most ransomware Trojans, the Dr. Fucker Ransomware is distributed using corrupted spam email attachments. These attachments may take the form of corrupted Microsoft Office documents that are designed to exploit vulnerabilities in the macro functionality of Microsoft Office. Victims of the Dr. Fucker Ransomware attack will receive an error message or notification letting them know of the attack after their files have been compromised.

The Dr. Fucker Ransomware Includes Threatening Worm-Like Capabilities

If the Dr. Fucker Ransomware manages to compromise a network, particularly in an institution or business, the attack can get out of hand quickly. This is because the Dr. Fucker Ransomware is designed to copy itself from one computer to another on a network using shared folders, giving the Dr. Fucker Ransomware capabilities similar to those of worms and other self-replicating threats. The Dr. Fucker Ransomware is quite effective in compromising servers, giving the Dr. Fucker Ransomware the potential to take out entire websites or databases. The Dr. Fucker Ransomware targets more than 320 different file types in its attack. This makes the Dr. Fucker Ransomware particularly threatening. It is paramount to take preventive measures to avoid Dr. Fucker Ransomware infections, especially by not opening spam email attachments and not visiting websites that could contain potentially threatening software.

How the Dr. Fucker Ransomware Carries out Its Attack

The Dr. Fucker Ransomware uses RSA-2048 encryption, which cannot be decoded without access to a decryption key (which, unfortunately, the people responsible for the Dr. Fucker Ransomware attack will hold in their possession). The Dr. Fucker Ransomware will change the infected files' extensions to '.iloveworld'. The files that have been encrypted by the Dr. Fucker Ransomware will no longer be accessible.

The Dr. Fucker Ransomware demands the payment of a ransom of 1.7 BitCoin (approximately $1500 USD at the exchange rate at the time of writing this report). The Dr. Fucker Ransomware delivers its ransom demand in a file that is dropped on the victim's Desktop. This ransom note is a text file named 'PLEASE_READ_FOR_DECRYPT_FILES_[ID number].txt'. Below is the full content of the Dr. Fucker Ransomware ransom note:

'#What happened to your files?
All your files encrypted with RSA-2048 encryption, For more information search in Google 'RSA Encryption.'
#How to recover files?
RSA is an asymmetric cryptographic algorithm;
You need one key for encryption and one key for decryption.
So you need Private key to recover your files.
It's not possible to recover your files without private key
#How to get private key?
You can get your private key in 3 easy step:
Step1: You must send us 1.7 BitCoin for each affected PC OR 29 BitCoins to receive ALL Private Keys for ALL affected PCs.
Step2: After you send us 1.7 BitCoin, Leave a comment on our Site with this detail: Just write Your 'Host name' in your comment.
*Your Host name is: WIN-{Unique identification}
Step3: We will reply to your comment with a decryption software. You should run it on your affected PC, and all encrypted files will be recovered.
*Our Site Address: http://5hvtr4qvmq76zyfq.onion/alpinism/
*Our BitCoin Address:[34 random characters]'

Recovering from a Dr. Fucker Ransomware Attack

An attack on a corporate target, which may need to unlock dozens of computers, can quite easily result in a very large total ransom, since the demand is made per affected PC. Fortunately, corporate targets may have backup images of servers and other important data. The best option for recovering from a Dr. Fucker Ransomware attack is to reconfigure all affected computers, wiping them and restoring the data from the backup images. A good security program that is fully up-to-date may be capable of intercepting the Dr. Fucker Ransomware, and establishing good email guidelines so that computer users avoid downloading attachments can prevent the Dr. Fucker Ransomware from being installed. Even so, having file backups is the most effective preventive method.
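
Before wiping and restoring, the two file-system indicators described above (the '.iloveworld' extension and the ransom note file name) can be used to scope which folders on a host or share were hit. The Python script below is an added example, not part of the original report or of any vendor tool; the loose match on the "[ID number]" part of the note name, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import sys
import tempfile

ENCRYPTED_EXT = ".iloveworld"  # extension this page reports for encrypted files
# Note name from this page. The "[ID number]" format is not given there, so any
# non-empty token is accepted here (assumption).
NOTE_RE = re.compile(r"^PLEASE_READ_FOR_DECRYPT_FILES_.+\.txt$", re.IGNORECASE)

def classify(filename):
    """Return 'note', 'encrypted' or 'other' for a bare file name."""
    if NOTE_RE.match(filename):
        return "note"
    if filename.lower().endswith(ENCRYPTED_EXT):
        return "encrypted"
    return "other"

def scan_tree(root):
    """Walk root; return one row per directory that holds an indicator,
    sorted with the most encrypted files first."""
    rows = []
    # onerror handler swallows unreadable directories so the walk continues
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        counts = {"note": 0, "encrypted": 0, "other": 0}
        for name in files:
            counts[classify(name)] += 1
        if counts["note"] or counts["encrypted"]:
            rows.append({"dir": os.path.relpath(dirpath, root), **counts})
    return sorted(rows, key=lambda r: (-r["encrypted"], r["dir"]))

def build_sample(root):
    """Constructed sample tree: a hit share, a Desktop with a note, a clean dir."""
    layout = {
        "share/finance": ["q3.xlsx.iloveworld", "payroll.DOCX.ILOVEWORLD", "readme.md"],
        "Users/alice/Desktop": ["PLEASE_READ_FOR_DECRYPT_FILES_12.txt", "todo.txt"],
        "share/clean": ["notes.txt", "iloveworld.png"],
    }
    for rel, names in layout.items():
        os.makedirs(os.path.join(root, rel))
        for name in names:
            open(os.path.join(root, rel, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        root = sys.argv[1] if len(sys.argv) > 1 else demo
        if root == demo:
            build_sample(demo)  # no path given: scan the constructed sample
        for row in scan_tree(root):
            print(row)
```

Run it with a directory or mounted share as the only argument; the 'other' count per directory shows how many files there do not carry either indicator.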

