
F1 Ransomware

The F1 Ransomware is a malware threat that has been detected in the wild. Analysis of its code and functionality revealed that the threat belongs to the NEFILIM malware family. After successfully infiltrating a targeted system, the F1 Ransomware runs an encryption routine that locks most of the files stored there, rendering them both inaccessible and unusable. Afterward, the malware delivers a message from its unscrupulous creators in the form of text files named 'f1-HELP.txt'. A copy of the note is created in each folder containing encrypted data.

F1 Ransomware's demands

According to the note, the F1 Ransomware has managed to exfiltrate an extensive amount of sensitive data from the compromised systems. The collected files are being stored on a secured remote server under the control of the hackers. Victims can request a breakdown of the data, while certain details will be published on a dedicated website hosted on the TOR network. The hackers threaten to start periodically leaking the private information to the public.

As for the encrypted files, victims are allowed to send up to 2 files that will supposedly be unlocked for free. Further instructions will be provided after the hackers receive the files. 

The full text of the instructions found inside the 'f1-HELP.txt' files is:

'Two things have happened to your company.

======================================

Gigabytes of archived files that we deemed valuable or sensitive were downloaded from your network to a secure location.

When you contact us we will tell you how much data was downloaded and can provide extensive proof of the data extraction.

You can analyze the type of the data we download on our websites.

If you do not contact us we will start leaking the data periodically in parts.

======================================

We have also encrypted files on your computers with military grade algorithms.

If you don't have extensive backups the only way to retrieve your data is with our software.

Restoration of your data with our software requires a private key which only we possess.

======================================

To confirm that our decryption software works send 2 encrypted files from random computers to us via email.

You will receive further instructions after you send us the test files.

We will make sure you retrieve your data swiftly and securely and your data that we downloaded will be securely deleted when our demands are met.

If we do not come to an agreement your data will be leaked on this website.

TOR link:'
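
Because a copy of the note is written to every folder that holds encrypted data, the notes themselves map which folders were hit. The following is an added example, not part of the original entry: it walks a directory tree, confirms each 'f1-HELP.txt' by phrases taken from the note quoted above, and records the note's modification time. The function names and the sample tree are constructed for illustration, and the note's text encoding is an assumption.

```python
import os
import tempfile
from datetime import datetime, timezone

NOTE_NAME = "f1-help.txt"  # note name from the page, compared case-insensitively
# Phrases copied from the note quoted on the page; they confirm a file-name match.
NOTE_MARKERS = (b"two things have happened to your company",
                b"private key which only we possess")


def is_f1_note(path):
    """True if the file has the note's name and contains a marker phrase."""
    if os.path.basename(path).lower() != NOTE_NAME:
        return False
    try:
        with open(path, "rb") as fh:
            # Dropping NUL bytes lets a UTF-16 copy match too (encoding is an assumption).
            data = fh.read(65536).replace(b"\x00", b"").lower()
    except OSError:
        return False  # unreadable file: leave it for manual review
    return any(marker in data for marker in NOTE_MARKERS)


def scope_notes(root):
    """Map each folder holding a confirmed note to that note's mtime (UTC)."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_f1_note(full):
                mtime = os.stat(full).st_mtime
                hits[dirpath] = datetime.fromtimestamp(mtime, tz=timezone.utc)
    return hits


def build_constructed_tree(root):
    """Constructed sample: two folders with a note, one with a same-named decoy."""
    note = "Two things have happened to your company.\n(constructed sample)\n"
    for sub, body, enc in (("finance", note, "utf-8"), ("hr", note, "utf-16"),
                           ("notes", "meeting minutes", "utf-8")):
        os.makedirs(os.path.join(root, sub))
        with open(os.path.join(root, sub, "f1-HELP.txt"), "w", encoding=enc) as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        for folder, when in sorted(scope_notes(tmp).items(), key=lambda kv: kv[1]):
            print(when.isoformat(), os.path.relpath(folder, tmp))
```

Sorting the output by time gives a rough order in which folders were processed; file timestamps can be altered, so treat them as a lead to corroborate with other logs.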
