
FabSysCrypto Ransomware

By GoldSparrow in Ransomware

The FabSysCrypto Ransomware is a ransomware Trojan that was first reported in March 2017. The FabSysCrypto Ransomware may be distributed using corrupted file attachments contained in spam email messages. These file attachments may take the form of text documents that install the FabSysCrypto Ransomware through corrupted macros that run in the victim's version of Microsoft Word or other software used to open these files. This is a typical method used to deliver threats like the FabSysCrypto Ransomware to victims. The typical victims of the FabSysCrypto Ransomware are individual computer users and small businesses. These attacks take advantage of inexperienced employees and human error, luring computer users into opening a corrupted file attachment without being certain of its contents.

No System Will be Fab if It is Hosting the FabSysCrypto Ransomware

The FabSysCrypto Ransomware attack is a typical example of an encryption ransomware Trojan. The purpose of these attacks is to take the victims' files hostage by encrypting them with a strong encryption method and then demanding that the victim pay a large ransom to recover the affected files. The FabSysCrypto Ransomware is not too sophisticated when compared to other ransomware Trojans, and it does trigger a User Account Control alert as it tries to carry out its attack. The main attack involves the FabSysCrypto Ransomware encrypting the victim's files on all drives and shared directories on the infected computer. The files that are encrypted during the FabSysCrypto Ransomware attack are simple to recognize because, much like numerous other ransomware Trojans, the FabSysCrypto Ransomware will add the extension '.locked' to the end of each of the affected files. In its attack, the FabSysCrypto Ransomware may be contained in an executable file named 'fabsyscrypto.exe' and targets a wide variety of file types, including media files, image files, documents created by a variety of programs, databases, eBooks and numerous others. The FabSysCrypto Ransomware's ransom note, which demands that the victim pay a ransom to recover the affected files, is contained in a file named '_HELP_instructions.txt' dropped on the infected computer.
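The three file-system indicators named above can be used to scope an incident and build a restore list. The following triage script is an added example, not code from the original article or from any vendor tool. Its function names and sample tree are constructed for illustration, and it assumes '.locked' is appended to the full original file name.

```python
import os
import tempfile
from collections import defaultdict

# Indicators named in the article; compared case-insensitively, as Windows does.
LOCKED_EXT = ".locked"
RANSOM_NOTE = "_help_instructions.txt"
DROPPER = "fabsyscrypto.exe"

def triage(root):
    """Map each directory under root to the FabSysCrypto indicators found in it."""
    report = defaultdict(lambda: {"locked": [], "note": False, "dropper": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                report[dirpath]["note"] = True
            elif lower == DROPPER:
                report[dirpath]["dropper"] = True
            elif lower.endswith(LOCKED_EXT) and len(name) > len(LOCKED_EXT):
                report[dirpath]["locked"].append(name)
    return dict(report)

def restore_candidates(report):
    """Original paths to pull from backup (assumes '.locked' was appended)."""
    return sorted(os.path.join(d, n[:-len(LOCKED_EXT)])
                  for d, hit in report.items() for n in hit["locked"])

def confidence(report):
    """'.locked' alone is shared by many families; 'high' needs a second indicator."""
    locked = any(h["locked"] for h in report.values())
    second = any(h["note"] or h["dropper"] for h in report.values())
    if locked and second:
        return "high"
    return "low" if (locked or second) else "none"

def build_sample_tree(base):
    """Constructed sample data: empty files imitating an affected share."""
    for rel in ("docs/report.docx.locked", "docs/_HELP_instructions.txt",
                "docs/notes.txt", "media/photo.JPG.LOCKED"):
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        rep = triage(tmp)
        print(confidence(rep), restore_candidates(rep))
```

Run it against a mounted copy or a share path rather than on the live infected host, and treat a "low" result as a prompt to look for the other indicators, since the '.locked' extension is not unique to this threat.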

How the FabSysCrypto Ransomware Carries out Its Attack

The FabSysCrypto Ransomware is one of the countless ransomware Trojans that are based on Hidden Tear, an open source ransomware Trojan published in 2015 that spawned countless versions of these threats. The attack is effective: the FabSysCrypto Ransomware infects the victim's computer, connects to its Command and Control server, and uses the TOR network for communication and ransom payments. The encryption engine itself is quite sophisticated, since it uses a combination of RSA and AES encryption to make the victims' files completely inaccessible after the attack has been carried out. The FabSysCrypto Ransomware demands that the victim pay 0.5 Bitcoin, approximately $600 USD at the current exchange rate. However, it is not recommended to pay this amount.

Dealing With the FabSysCrypto Ransomware

PC security researchers strongly advise computer users to avoid paying the FabSysCrypto Ransomware's ransom. There is a very low probability that the people responsible for the FabSysCrypto Ransomware will follow through on their promise to deliver the victim's files after the attack. Most importantly, paying the FabSysCrypto Ransomware ransom allows con artists to continue carrying out these attacks and claiming more victims. As with other ransomware Trojans, the best protection against these attacks is to have file backups on an external memory device or in the cloud. The FabSysCrypto Ransomware infection itself is simple to remove with the help of a reliable, fully updated security program. However, the victim's files will remain encrypted after the attack. If the victim can restore the affected files from a backup copy, then the con artists lose the leverage that allows them to demand the ransom payment. The use of file backups, combined with the safe handling of online content and email and a reliable security program, can help prevent and deal with FabSysCrypto Ransomware attacks effectively.
